diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json index 03de054c3e5a..f1bf4d7106fd 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json @@ -1,320 +1,320 @@ { - "swagger": "2.0", - "info": { - "title": "CheckPolicyRestrictionsClient", - "version": "2020-07-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] + "swagger": "2.0", + "info": { + "title": "CheckPolicyRestrictionsClient", + "version": "2020-07-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { - "post": { - "operationId": "PolicyRestrictions_CheckAtSubscriptionScope", - "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.", - "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/CheckRestrictionsRequest" - }, - "description": "The check policy restrictions parameters." - } - ], - "responses": { - "200": { - "description": "The restrictions that will be placed on the resource by Azure Policy.", - "schema": { - "$ref": "#/definitions/CheckRestrictionsResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" - } - } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtSubscriptionScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" }, - "x-ms-examples": { - "Check policy restrictions at subscription scope": { - "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json" - } + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { - "post": { - "operationId": "PolicyRestrictions_CheckAtResourceGroupScope", - "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.", - "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/CheckRestrictionsRequest" - }, - "description": "The check policy restrictions parameters." - } - ], - "responses": { - "200": { - "description": "The restrictions that will be placed on the resource by Azure Policy.", - "schema": { - "$ref": "#/definitions/CheckRestrictionsResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-examples": { - "Check policy restrictions at resource group scope": { - "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json" - } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" } - } + } + }, + "x-ms-examples": { + "Check policy restrictions at subscription scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json" + } + } } - }, - "definitions": { - "CheckRestrictionsRequest": { - "description": "The check policy restrictions parameters describing the resource that is being evaluated.", - "properties": { - "resourceDetails": { - "description": "The information about the resource that will be evaluated.", - "$ref": "#/definitions/CheckRestrictionsResourceDetails" - }, - "pendingFields": { - "description": "The list of fields and values that should be evaluated for potential restrictions.", - "type": "array", - "items": { - "$ref": "#/definitions/PendingField" - } - } - }, - "required": [ - "resourceDetails" - ] - }, - "CheckRestrictionsResourceDetails": { - "description": "The information about the resource that will be evaluated.", - "properties": { - "resourceContent": { - "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.", - "type": "object" + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtResourceGroupScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" }, - "apiVersion": { - "description": "The api-version of the resource content.", - "type": "string" - }, - "scope": { - "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.", - "type": "string" + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" } - }, - "required": [ - "resourceContent" - ] - }, - "PendingField": { - "description": "A field that should be evaluated against Azure Policy to determine restrictions.", - "properties": { - "field": { - "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", - "type": "string" - }, - "values": { - "description": "The list of potential values for the field that should be evaluated against Azure Policy.", - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "field" - ] - }, - "CheckRestrictionsResult": { - "description": "The result of a check policy restrictions evaluation on a resource.", - "properties": { - "fieldRestrictions": { - "description": "The restrictions that will be placed on various fields in the resource by policy.", - "type": "array", - "items": { - "$ref": "#/definitions/FieldRestrictions" - }, - "readOnly": true - }, - "contentEvaluationResult": { - "description": "Evaluation results for the provided partial resource content.", - "properties": { - "policyEvaluations": { - "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.", - "type": "array", - "items": { - "$ref": "#/definitions/PolicyEvaluationResult" - } - } - }, - "readOnly": true - } - } - }, - "FieldRestrictions": { - "description": "The restrictions that will be placed on a field in the resource by policy.", - "properties": { - "field": { - "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", - "type": "string", - "readOnly": true - }, - "restrictions": { - "description": "The restrictions placed on that field by policy.", - "type": "array", - "items": { - "$ref": "#/definitions/FieldRestriction" - } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" } - } + } + }, + "x-ms-examples": { + "Check policy restrictions at resource group scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json" + } + } + } + } + }, + "definitions": { + "CheckRestrictionsRequest": { + "description": "The check policy restrictions parameters describing the resource that is being evaluated.", + "properties": { + "resourceDetails": { + "description": "The information about the resource that will be evaluated.", + "$ref": "#/definitions/CheckRestrictionsResourceDetails" + }, + "pendingFields": { + "description": "The list of fields and values that should be evaluated for potential restrictions.", + "type": "array", + "items": { + "$ref": "#/definitions/PendingField" + } + } }, - "FieldRestriction": { - "description": "The restrictions on a field imposed by a specific policy.", - "properties": { - "result": { - "description": "The type of restriction that is imposed on the field.", - "type": "string", - "enum": [ - "Required", - "Removed", - "Deny" - ], - "x-ms-enum": { - "name": "FieldRestrictionResult", - "modelAsString": true, - "values": [ - { - "value": "Required", - "description": "The field and/or values are required by policy." - }, - { - "value": "Removed", - "description": "The field will be removed by policy." - }, - { - "value": "Deny", - "description": "The field and/or values will be denied by policy." - } - ] - }, - "readOnly": true - }, - "defaultValue": { - "description": "The value that policy will set for the field if the user does not provide a value.", - "type": "string", - "readOnly": true - }, - "values": { - "description": "The values that policy either requires or denies for the field.", - "type": "array", - "items": { - "type": "string" - }, - "readOnly": true - }, - "policy": { - "description": "The details of the policy that is causing the field restriction.", - "$ref": "#/definitions/PolicyReference", - "readOnly": true - } - } + "required": [ + "resourceDetails" + ] + }, + "CheckRestrictionsResourceDetails": { + "description": "The information about the resource that will be evaluated.", + "properties": { + "resourceContent": { + "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.", + "type": "object" + }, + "apiVersion": { + "description": "The api-version of the resource content.", + "type": "string" + }, + "scope": { + "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.", + "type": "string" + } }, - "PolicyEvaluationResult": { - "description": "The result of a non-compliant policy evaluation against the given resource content.", - "properties": { - "policyInfo": { - "description": "The details of the policy that was evaluated.", - "$ref": "#/definitions/PolicyReference", - "readOnly": true - }, - "evaluationResult": { - "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.", - "type": "string", - "readOnly": true - }, - "evaluationDetails": { - "description": "The detailed results of the policy expressions and values that were evaluated.", - "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails", - "readOnly": true - } - } + "required": [ + "resourceContent" + ] + }, + "PendingField": { + "description": "A field that should be evaluated against Azure Policy to determine restrictions.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string" + }, + "values": { + "description": "The list of potential values for the field that should be evaluated against Azure Policy.", + "type": "array", + "items": { + "type": "string" + } + } }, - "PolicyReference": { - "description": "Resource identifiers for a policy.", - "properties": { - "policyDefinitionId": { - "description": "The resource identifier of the policy definition.", - "type": "string", - "readOnly": true - }, - "policySetDefinitionId": { - "description": "The resource identifier of the policy set definition.", - "type": "string", - "readOnly": true - }, - "policyDefinitionReferenceId": { - "description": "The reference identifier of a specific policy definition within a policy set definition.", - "type": "string", - "readOnly": true - }, - "policyAssignmentId": { - "description": "The resource identifier of the policy assignment.", - "type": "string", - "readOnly": true + "required": [ + "field" + ] + }, + "CheckRestrictionsResult": { + "description": "The result of a check policy restrictions evaluation on a resource.", + "properties": { + "fieldRestrictions": { + "description": "The restrictions that will be placed on various fields in the resource by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestrictions" + }, + "readOnly": true + }, + "contentEvaluationResult": { + "description": "Evaluation results for the provided partial resource content.", + "properties": { + "policyEvaluations": { + "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.", + "type": "array", + "items": { + "$ref": "#/definitions/PolicyEvaluationResult" + } } - } + }, + "readOnly": true + } + } + }, + "FieldRestrictions": { + "description": "The restrictions that will be placed on a field in the resource by policy.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string", + "readOnly": true + }, + "restrictions": { + "description": "The restrictions placed on that field by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestriction" + } + } + } + }, + "FieldRestriction": { + "description": "The restrictions on a field imposed by a specific policy.", + "properties": { + "result": { + "description": "The type of restriction that is imposed on the field.", + "type": "string", + "enum": [ + "Required", + "Removed", + "Deny" + ], + "x-ms-enum": { + "name": "FieldRestrictionResult", + "modelAsString": true, + "values": [ + { + "value": "Required", + "description": "The field and/or values are required by policy." + }, + { + "value": "Removed", + "description": "The field will be removed by policy." + }, + { + "value": "Deny", + "description": "The field and/or values will be denied by policy." + } + ] + }, + "readOnly": true + }, + "defaultValue": { + "description": "The value that policy will set for the field if the user does not provide a value.", + "type": "string", + "readOnly": true + }, + "values": { + "description": "The values that policy either requires or denies for the field.", + "type": "array", + "items": { + "type": "string" + }, + "readOnly": true + }, + "policy": { + "description": "The details of the policy that is causing the field restriction.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + } + } + }, + "PolicyEvaluationResult": { + "description": "The result of a non-compliant policy evaluation against the given resource content.", + "properties": { + "policyInfo": { + "description": "The details of the policy that was evaluated.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + }, + "evaluationResult": { + "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.", + "type": "string", + "readOnly": true + }, + "evaluationDetails": { + "description": "The detailed results of the policy expressions and values that were evaluated.", + "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails", + "readOnly": true + } + } + }, + "PolicyReference": { + "description": "Resource identifiers for a policy.", + "properties": { + "policyDefinitionId": { + "description": "The resource identifier of the policy definition.", + "type": "string", + "readOnly": true + }, + "policySetDefinitionId": { + "description": "The resource identifier of the policy set definition.", + "type": "string", + "readOnly": true + }, + "policyDefinitionReferenceId": { + "description": "The reference identifier of a specific policy definition within a policy set definition.", + "type": "string", + "readOnly": true + }, + "policyAssignmentId": { + "description": "The resource identifier of the policy assignment.", + "type": "string", + "readOnly": true + } } - } -} \ No newline at end of file + } + } +} diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json index 5e21a75a34a9..d90062bfc1bf 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json @@ -1,137 +1,137 @@ { - "parameters": { - "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", - "resourceGroupName": "vmRg", - "api-version": "2020-07-01", - "parameters": { - "resourceDetails": { - "resourceContent": { - "type": "Microsoft.Compute/virtualMachines", - "properties": { - "priority": "Spot" - } - }, - "apiVersion": "2019-12-01" - }, - "pendingFields": [ - { - "field": "name", - "values": [ - "myVMName" - ] - }, - { - "field": "location", - "values": [ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "resourceGroupName": "vmRg", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ "eastus", - "westus", - "westus2", - "westeurope" - ] - }, + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ { - "field": "tags" - } - ] - } - }, - "responses": { - "200": { - "headers": {}, - "body": { - "fieldRestrictions": [ - { - "field": "tags.newtag", - "restrictions": [ - { - "result": "Required", - "defaultValue": "defaultVal", - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "tags.environment", - "restrictions": [ - { - "result": "Required", - "values": [ - "Prod", - "Int", - "Test" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "location", - "restrictions": [ - { - "result": "Deny", - "values": [ - "west europe" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", - "policyDefinitionReferenceId": "DefRef" - } - }, - { - "result": "Deny", - "values": [ - "eastus", - "westus" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - } - ], - "contentEvaluationResult": { - "policyEvaluations": [ + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ { - "policyInfo": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", - "policyDefinitionReferenceId": "defref222", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" - }, - "evaluationResult": "NonCompliant", - "evaluationDetails": { - "evaluatedExpressions": [ - { - "result": "True", - "expressionKind": "field", - "expression": "type", - "path": "type", - "expressionValue": "microsoft.compute/virtualmachines", - "targetValue": "microsoft.compute/virtualmachines", - "operator": "equals" - } - ] - } + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" } - ] + ] + } } - } + ] + } } - } -} \ No newline at end of file + } + } +} diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json index 7e2de16df1e0..fd0e34342f3f 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json @@ -1,136 +1,136 @@ { - "parameters": { - "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", - "api-version": "2020-07-01", - "parameters": { - "resourceDetails": { - "resourceContent": { - "type": "Microsoft.Compute/virtualMachines", - "properties": { - "priority": "Spot" - } - }, - "apiVersion": "2019-12-01" - }, - "pendingFields": [ - { - "field": "name", - "values": [ - "myVMName" - ] - }, - { - "field": "location", - "values": [ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ "eastus", - "westus", - "westus2", - "westeurope" - ] - }, + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ { - "field": "tags" - } - ] - } - }, - "responses": { - "200": { - "headers": {}, - "body": { - "fieldRestrictions": [ - { - "field": "tags.newtag", - "restrictions": [ - { - "result": "Required", - "defaultValue": "defaultVal", - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "tags.environment", - "restrictions": [ - { - "result": "Required", - "values": [ - "Prod", - "Int", - "Test" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "location", - "restrictions": [ - { - "result": "Deny", - "values": [ - "west europe" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", - "policyDefinitionReferenceId": "DefRef" - } - }, - { - "result": "Deny", - "values": [ - "eastus", - "westus" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - } - ], - "contentEvaluationResult": { - "policyEvaluations": [ + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ { - "policyInfo": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", - "policyDefinitionReferenceId": "defref222", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" - }, - "evaluationResult": "NonCompliant", - "evaluationDetails": { - "evaluatedExpressions": [ - { - "result": "True", - "expressionKind": "field", - "expression": "type", - "path": "type", - "expressionValue": "microsoft.compute/virtualmachines", - "targetValue": "microsoft.compute/virtualmachines", - "operator": "equals" - } - ] - } + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" } - ] + ] + } } - } + ] + } } - } -} \ No newline at end of file + } + } +}