diff --git a/specification/common-types/resource-management/v5/networksecurityperimeter.json b/specification/common-types/resource-management/v5/networksecurityperimeter.json new file mode 100644 index 000000000000..614eefcde3d9 --- /dev/null +++ b/specification/common-types/resource-management/v5/networksecurityperimeter.json @@ -0,0 +1,410 @@ +{ + "swagger": "2.0", + "host": "management.azure.com", + "schemes": [ + "https" + ], + "info": { + "version": "0000-00-00", + "title": "Network security perimeter common type definitions", + "description": "Common types for network security perimeters based on a shared API specification. These common, versioned type definitions are intended for resource providers (RPs, except Network RP) to use, and reuse, for defining their own API versions that share a set of type definitions that is consistent across providers.", + "contact": {} + }, + "paths": {}, + "definitions": { + "PublicNetworkAccess": { + "type": "string", + "description": "Allow, disallow, or let network security perimeter configuration control public network access to the protected resource. Value is optional but if passed in, it must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.", + "enum": [ + "Enabled", + "Disabled", + "SecuredByPerimeter" + ], + "x-ms-enum": { + "name": "PublicNetworkAccess", + "modelAsString": true, + "values": [ + { + "value": "Enabled", + "description": "Allows public network access to the resource" + }, + { + "value": "Disabled", + "description": "Disallows public network access to the resource" + }, + { + "value": "SecuredByPerimeter", + "description": "The network security perimeter configuration rules allow or disallow public network access to the resource. Requires an associated network security perimeter." + } + ] + } + }, + "NetworkSecurityPerimeterConfigurationListResult": { + "description": "Result of a list NSP (network security perimeter) configurations request.", + "type": "object", + "properties": { + "value": { + "description": "Array of network security perimeter results.", + "type": "array", + "items": { + "$ref": "#/definitions/NetworkSecurityPerimeterConfiguration" + } + }, + "nextLink": { + "description": "The link used to get the next page of results.", + "type": "string", + "format": "uri" + } + } + }, + "NetworkSecurityPerimeterConfiguration": { + "description": "Network security perimeter (NSP) configuration resource", + "type": "object", + "allOf": [ + { + "$ref": "./types.json#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/NetworkSecurityPerimeterConfigurationProperties" + } + } + }, + "NetworkSecurityPerimeterConfigurationProvisioningState": { + "description": "Provisioning state of a network security perimeter configuration that is being created or updated.", + "enum": [ + "Succeeded", + "Creating", + "Updating", + "Deleting", + "Accepted", + "Failed", + "Canceled" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "name": "NetworkSecurityPerimeterConfigurationProvisioningState", + "modelAsString": true + } + }, + "NetworkSecurityPerimeterConfigurationProperties": { + "description": "Network security configuration properties.", + "type": "object", + "properties": { + "provisioningState": { + "readOnly": true, + "$ref": "#/definitions/NetworkSecurityPerimeterConfigurationProvisioningState" + }, + "provisioningIssues": { + "description": "List of provisioning issues, if any", + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/ProvisioningIssue" + }, + "x-ms-identifiers": [] + }, + "networkSecurityPerimeter": { + "$ref": "#/definitions/NetworkSecurityPerimeter" + }, + "resourceAssociation": { + "$ref": "#/definitions/ResourceAssociation" + }, + "profile": { + "$ref": "#/definitions/NetworkSecurityProfile" + } + } + }, + "ProvisioningIssue": { + "description": "Describes provisioning issue for a network security perimeter configuration", + "type": "object", + "readOnly": true, + "properties": { + "name": { + "description": "Name of the issue", + "type": "string", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/ProvisioningIssueProperties" + } + } + }, + "ProvisioningIssueProperties": { + "description": "Properties of a provisioning issue", + "type": "object", + "readOnly": true, + "properties": { + "issueType": { + "description": "Type of issue", + "type": "string", + "readOnly": true, + "enum": [ + "Unknown", + "ConfigurationPropagationFailure" + ], + "x-ms-enum": { + "name": "IssueType", + "modelAsString": true, + "values": [ + { + "value": "Unknown", + "description": "Unknown issue type" + }, + { + "value": "ConfigurationPropagationFailure", + "description": "An error occurred while applying the configuration." + } + ] + } + }, + "severity": { + "description": "Severity of the issue.", + "enum": [ + "Warning", + "Error" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "name": "Severity", + "modelAsString": true + } + }, + "description": { + "description": "Description of the issue", + "type": "string", + "readOnly": true + }, + "suggestedResourceIds": { + "description": "Fully qualified resource IDs of resources that can be associated to the same perimeter to remediate the issue.", + "type": "array", + "readOnly": true, + "items": { + "description": "Fully qualified resource ID of the suggested resource", + "type": "string", + "format": "arm-id", + "readOnly": true + } + }, + "suggestedAccessRules": { + "description": "Access rules that can be added to the same profile to remediate the issue.", + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/AccessRule" + }, + "x-ms-identifiers": [] + } + } + }, + "NetworkSecurityPerimeter": { + "description": "Information about a network security perimeter (NSP)", + "type": "object", + "properties": { + "id": { + "description": "Fully qualified Azure resource ID of the NSP resource", + "type": "string", + "format": "arm-id", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "resourceType": "Microsoft.Network/networkSecurityPerimeters" + } + ] + } + }, + "perimeterGuid": { + "description": "Universal unique ID (UUID) of the network security perimeter", + "type": "string", + "format": "uuid" + }, + "location": { + "description": "Location of the network security perimeter", + "type": "string", + "x-ms-mutability": [ + "create", + "read" + ] + } + } + }, + "ResourceAssociationAccessMode": { + "description": "Access mode of the resource association", + "enum": [ + "Enforced", + "Learning", + "Audit" + ], + "type": "string", + "x-ms-enum": { + "name": "ResourceAssociationAccessMode", + "modelAsString": true, + "values": [ + { + "value": "Enforced", + "description": "Enforced access mode - traffic to the resource that failed access checks is blocked" + }, + { + "value": "Learning", + "description": "Learning access mode - traffic to the resource is enabled for analysis but not blocked" + }, + { + "value": "Audit", + "description": "Audit access mode - traffic to the resource that fails access checks is logged but not blocked" + } + ] + } + }, + "ResourceAssociation": { + "description": "Information about resource association", + "type": "object", + "properties": { + "name": { + "description": "Name of the resource association", + "type": "string" + }, + "accessMode": { + "$ref": "#/definitions/ResourceAssociationAccessMode" + } + } + }, + "NetworkSecurityProfile": { + "description": "Network security perimeter configuration profile", + "type": "object", + "properties": { + "name": { + "description": "Name of the profile", + "type": "string" + }, + "accessRulesVersion": { + "description": "Current access rules version", + "type": "integer", + "format": "int32" + }, + "accessRules": { + "description": "List of Access Rules", + "type": "array", + "items": { + "$ref": "#/definitions/AccessRule" + }, + "x-ms-identifiers": [ + "name" + ] + } + } + }, + "AccessRule": { + "description": "Access rule in a network security perimeter configuration profile", + "type": "object", + "properties": { + "name": { + "description": "Name of the access rule", + "type": "string" + }, + "properties": { + "$ref": "#/definitions/AccessRuleProperties" + } + } + }, + "AccessRuleDirection": { + "description": "Direction of Access Rule", + "enum": [ + "Inbound", + "Outbound" + ], + "type": "string", + "x-ms-enum": { + "name": "AccessRuleDirection", + "modelAsString": true, + "values": [ + { + "value": "Inbound", + "description": "Applies to inbound network traffic to the secured resources." + }, + { + "value": "Outbound", + "description": "Applies to outbound network traffic from the secured resources" + } + ] + } + }, + "AccessRuleProperties": { + "description": "Properties of Access Rule", + "type": "object", + "properties": { + "direction": { + "$ref": "#/definitions/AccessRuleDirection" + }, + "addressPrefixes": { + "description": "Address prefixes in the CIDR format for inbound rules", + "type": "array", + "items": { + "description": "An IP address prefix (CIDR) for inbound rules", + "type": "string" + } + }, + "subscriptions": { + "description": "Subscriptions for inbound rules", + "type": "array", + "items": { + "description": "Subscription identifiers", + "type": "object", + "properties": { + "id": { + "description": "The fully qualified Azure resource ID of the subscription e.g. ('/subscriptions/00000000-0000-0000-0000-000000000000') ", + "type": "string", + "format": "arm-id" + } + } + } + }, + "networkSecurityPerimeters": { + "description": "Network security perimeters for inbound rules", + "type": "array", + "items": { + "$ref": "#/definitions/NetworkSecurityPerimeter" + } + }, + "fullyQualifiedDomainNames": { + "description": "Fully qualified domain names (FQDN) for outbound rules", + "type": "array", + "items": { + "description": "A fully qualified domain name (FQDN)", + "type": "string" + } + }, + "emailAddresses": { + "description": "Email addresses for outbound rules", + "type": "array", + "items": { + "description": "An email address", + "type": "string" + } + }, + "phoneNumbers": { + "description": "Phone numbers for outbound rules", + "type": "array", + "items": { + "description": "A phone number", + "type": "string" + } + } + } + } + }, + "parameters": { + "NetworkSecurityPerimeterConfigurationNameParameter": { + "name": "networkSecurityPerimeterConfigurationName", + "in": "path", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 512, + "x-ms-parameter-location": "method", + "description": "The name for a network security perimeter configuration" + } + } +}