-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Microsoft.PolicyInsights/checkPolicyRestrictions API #10798
Merged
jianyexi
merged 6 commits into
Azure:master
from
pilor:cheggert/checkPolicyRestrictions
Nov 18, 2020
Merged
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
7abd0f5
CheckPolicyRestrictions API
pilor 1144249
Run prettier
pilor 2f8804f
Merge remote-tracking branch 'upstream/master' into cheggert/checkPol…
pilor 2ce955a
Increment package version
pilor 7dd5748
Remove from old tag
pilor bfd00ba
Remove suppression
pilor File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
320 changes: 320 additions & 0 deletions
320
.../resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,320 @@ | ||
| { | ||
| "swagger": "2.0", | ||
| "info": { | ||
| "title": "CheckPolicyRestrictionsClient", | ||
| "version": "2020-07-01" | ||
| }, | ||
| "host": "management.azure.com", | ||
| "schemes": [ | ||
| "https" | ||
| ], | ||
| "produces": [ | ||
| "application/json" | ||
| ], | ||
| "security": [ | ||
| { | ||
| "azure_auth": [ | ||
| "user_impersonation" | ||
| ] | ||
| } | ||
| ], | ||
| "securityDefinitions": { | ||
| "azure_auth": { | ||
| "type": "oauth2", | ||
| "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", | ||
| "flow": "implicit", | ||
| "description": "Azure Active Directory OAuth2 Flow", | ||
| "scopes": { | ||
| "user_impersonation": "impersonate your user account" | ||
| } | ||
| } | ||
| }, | ||
| "paths": { | ||
| "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { | ||
| "post": { | ||
| "operationId": "PolicyRestrictions_CheckAtSubscriptionScope", | ||
| "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.", | ||
| "parameters": [ | ||
| { | ||
| "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" | ||
| }, | ||
| { | ||
| "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" | ||
| }, | ||
| { | ||
| "name": "parameters", | ||
| "in": "body", | ||
| "required": true, | ||
| "schema": { | ||
| "$ref": "#/definitions/CheckRestrictionsRequest" | ||
| }, | ||
| "description": "The check policy restrictions parameters." | ||
| } | ||
| ], | ||
| "responses": { | ||
| "200": { | ||
| "description": "The restrictions that will be placed on the resource by Azure Policy.", | ||
| "schema": { | ||
| "$ref": "#/definitions/CheckRestrictionsResult" | ||
| } | ||
| }, | ||
| "default": { | ||
| "description": "Error response describing why the operation failed.", | ||
| "schema": { | ||
| "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" | ||
| } | ||
| } | ||
| }, | ||
| "x-ms-examples": { | ||
| "Check policy restrictions at subscription scope": { | ||
| "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { | ||
| "post": { | ||
| "operationId": "PolicyRestrictions_CheckAtResourceGroupScope", | ||
| "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.", | ||
| "parameters": [ | ||
| { | ||
| "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" | ||
| }, | ||
| { | ||
| "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" | ||
| }, | ||
| { | ||
| "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" | ||
| }, | ||
| { | ||
| "name": "parameters", | ||
| "in": "body", | ||
| "required": true, | ||
| "schema": { | ||
| "$ref": "#/definitions/CheckRestrictionsRequest" | ||
| }, | ||
| "description": "The check policy restrictions parameters." | ||
| } | ||
| ], | ||
| "responses": { | ||
| "200": { | ||
| "description": "The restrictions that will be placed on the resource by Azure Policy.", | ||
| "schema": { | ||
| "$ref": "#/definitions/CheckRestrictionsResult" | ||
| } | ||
| }, | ||
| "default": { | ||
| "description": "Error response describing why the operation failed.", | ||
| "schema": { | ||
| "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" | ||
| } | ||
| } | ||
| }, | ||
| "x-ms-examples": { | ||
| "Check policy restrictions at resource group scope": { | ||
| "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "definitions": { | ||
| "CheckRestrictionsRequest": { | ||
| "description": "The check policy restrictions parameters describing the resource that is being evaluated.", | ||
| "properties": { | ||
| "resourceDetails": { | ||
| "description": "The information about the resource that will be evaluated.", | ||
| "$ref": "#/definitions/CheckRestrictionsResourceDetails" | ||
| }, | ||
| "pendingFields": { | ||
| "description": "The list of fields and values that should be evaluated for potential restrictions.", | ||
| "type": "array", | ||
| "items": { | ||
| "$ref": "#/definitions/PendingField" | ||
| } | ||
| } | ||
| }, | ||
| "required": [ | ||
| "resourceDetails" | ||
| ] | ||
| }, | ||
| "CheckRestrictionsResourceDetails": { | ||
| "description": "The information about the resource that will be evaluated.", | ||
| "properties": { | ||
| "resourceContent": { | ||
| "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.", | ||
| "type": "object" | ||
| }, | ||
| "apiVersion": { | ||
| "description": "The api-version of the resource content.", | ||
| "type": "string" | ||
| }, | ||
| "scope": { | ||
| "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "resourceContent" | ||
| ] | ||
| }, | ||
| "PendingField": { | ||
| "description": "A field that should be evaluated against Azure Policy to determine restrictions.", | ||
| "properties": { | ||
| "field": { | ||
| "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", | ||
| "type": "string" | ||
| }, | ||
| "values": { | ||
| "description": "The list of potential values for the field that should be evaluated against Azure Policy.", | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "required": [ | ||
| "field" | ||
| ] | ||
| }, | ||
| "CheckRestrictionsResult": { | ||
| "description": "The result of a check policy restrictions evaluation on a resource.", | ||
| "properties": { | ||
| "fieldRestrictions": { | ||
| "description": "The restrictions that will be placed on various fields in the resource by policy.", | ||
| "type": "array", | ||
| "items": { | ||
| "$ref": "#/definitions/FieldRestrictions" | ||
| }, | ||
| "readOnly": true | ||
| }, | ||
| "contentEvaluationResult": { | ||
| "description": "Evaluation results for the provided partial resource content.", | ||
| "properties": { | ||
| "policyEvaluations": { | ||
| "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.", | ||
| "type": "array", | ||
| "items": { | ||
| "$ref": "#/definitions/PolicyEvaluationResult" | ||
| } | ||
| } | ||
| }, | ||
| "readOnly": true | ||
| } | ||
| } | ||
| }, | ||
| "FieldRestrictions": { | ||
| "description": "The restrictions that will be placed on a field in the resource by policy.", | ||
| "properties": { | ||
| "field": { | ||
| "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| }, | ||
| "restrictions": { | ||
| "description": "The restrictions placed on that field by policy.", | ||
| "type": "array", | ||
| "items": { | ||
| "$ref": "#/definitions/FieldRestriction" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "FieldRestriction": { | ||
| "description": "The restrictions on a field imposed by a specific policy.", | ||
| "properties": { | ||
| "result": { | ||
| "description": "The type of restriction that is imposed on the field.", | ||
| "type": "string", | ||
| "enum": [ | ||
| "Required", | ||
| "Removed", | ||
| "Deny" | ||
| ], | ||
| "x-ms-enum": { | ||
| "name": "FieldRestrictionResult", | ||
| "modelAsString": true, | ||
| "values": [ | ||
| { | ||
| "value": "Required", | ||
| "description": "The field and/or values are required by policy." | ||
| }, | ||
| { | ||
| "value": "Removed", | ||
| "description": "The field will be removed by policy." | ||
| }, | ||
| { | ||
| "value": "Deny", | ||
| "description": "The field and/or values will be denied by policy." | ||
| } | ||
| ] | ||
| }, | ||
| "readOnly": true | ||
| }, | ||
| "defaultValue": { | ||
| "description": "The value that policy will set for the field if the user does not provide a value.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| }, | ||
| "values": { | ||
| "description": "The values that policy either requires or denies for the field.", | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| }, | ||
| "readOnly": true | ||
| }, | ||
| "policy": { | ||
| "description": "The details of the policy that is causing the field restriction.", | ||
| "$ref": "#/definitions/PolicyReference", | ||
| "readOnly": true | ||
| } | ||
| } | ||
| }, | ||
| "PolicyEvaluationResult": { | ||
| "description": "The result of a non-compliant policy evaluation against the given resource content.", | ||
| "properties": { | ||
| "policyInfo": { | ||
| "description": "The details of the policy that was evaluated.", | ||
| "$ref": "#/definitions/PolicyReference", | ||
| "readOnly": true | ||
| }, | ||
| "evaluationResult": { | ||
| "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| }, | ||
| "evaluationDetails": { | ||
| "description": "The detailed results of the policy expressions and values that were evaluated.", | ||
| "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails", | ||
| "readOnly": true | ||
| } | ||
| } | ||
| }, | ||
| "PolicyReference": { | ||
| "description": "Resource identifiers for a policy.", | ||
| "properties": { | ||
| "policyDefinitionId": { | ||
| "description": "The resource identifier of the policy definition.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| }, | ||
| "policySetDefinitionId": { | ||
| "description": "The resource identifier of the policy set definition.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| }, | ||
| "policyDefinitionReferenceId": { | ||
| "description": "The reference identifier of a specific policy definition within a policy set definition.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| }, | ||
| "policyAssignmentId": { | ||
| "description": "The resource identifier of the policy assignment.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was an oversight in the previous swagger spec. The readonly property has been part of the API response from the time the api-version was introduced.