From b86ceb91bb6d67198a307b4770802863cea8fcd4 Mon Sep 17 00:00:00 2001 From: Elad Perets Date: Tue, 1 Mar 2022 12:18:06 -0800 Subject: [PATCH 1/3] Copy 2020-07-01 files --- .../2022-03-01/checkPolicyRestrictions.json | 320 ++++++++++++++++++ ...estrictions_CheckAtResourceGroupScope.json | 137 ++++++++ ...Restrictions_CheckAtSubscriptionScope.json | 136 ++++++++ 3 files changed, 593 insertions(+) create mode 100644 specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json create mode 100644 specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json create mode 100644 specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json new file mode 100644 index 000000000000..f1bf4d7106fd --- /dev/null +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json @@ -0,0 +1,320 @@ +{ + "swagger": "2.0", + "info": { + "title": "CheckPolicyRestrictionsClient", + "version": "2020-07-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtSubscriptionScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" + }, + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Check policy restrictions at subscription scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtResourceGroupScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" + }, + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Check policy restrictions at resource group scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json" + } + } + } + } + }, + "definitions": { + "CheckRestrictionsRequest": { + "description": "The check policy restrictions parameters describing the resource that is being evaluated.", + "properties": { + "resourceDetails": { + "description": "The information about the resource that will be evaluated.", + "$ref": "#/definitions/CheckRestrictionsResourceDetails" + }, + "pendingFields": { + "description": "The list of fields and values that should be evaluated for potential restrictions.", + "type": "array", + "items": { + "$ref": "#/definitions/PendingField" + } + } + }, + "required": [ + "resourceDetails" + ] + }, + "CheckRestrictionsResourceDetails": { + "description": "The information about the resource that will be evaluated.", + "properties": { + "resourceContent": { + "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.", + "type": "object" + }, + "apiVersion": { + "description": "The api-version of the resource content.", + "type": "string" + }, + "scope": { + "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.", + "type": "string" + } + }, + "required": [ + "resourceContent" + ] + }, + "PendingField": { + "description": "A field that should be evaluated against Azure Policy to determine restrictions.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string" + }, + "values": { + "description": "The list of potential values for the field that should be evaluated against Azure Policy.", + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "field" + ] + }, + "CheckRestrictionsResult": { + "description": "The result of a check policy restrictions evaluation on a resource.", + "properties": { + "fieldRestrictions": { + "description": "The restrictions that will be placed on various fields in the resource by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestrictions" + }, + "readOnly": true + }, + "contentEvaluationResult": { + "description": "Evaluation results for the provided partial resource content.", + "properties": { + "policyEvaluations": { + "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.", + "type": "array", + "items": { + "$ref": "#/definitions/PolicyEvaluationResult" + } + } + }, + "readOnly": true + } + } + }, + "FieldRestrictions": { + "description": "The restrictions that will be placed on a field in the resource by policy.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string", + "readOnly": true + }, + "restrictions": { + "description": "The restrictions placed on that field by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestriction" + } + } + } + }, + "FieldRestriction": { + "description": "The restrictions on a field imposed by a specific policy.", + "properties": { + "result": { + "description": "The type of restriction that is imposed on the field.", + "type": "string", + "enum": [ + "Required", + "Removed", + "Deny" + ], + "x-ms-enum": { + "name": "FieldRestrictionResult", + "modelAsString": true, + "values": [ + { + "value": "Required", + "description": "The field and/or values are required by policy." + }, + { + "value": "Removed", + "description": "The field will be removed by policy." + }, + { + "value": "Deny", + "description": "The field and/or values will be denied by policy." + } + ] + }, + "readOnly": true + }, + "defaultValue": { + "description": "The value that policy will set for the field if the user does not provide a value.", + "type": "string", + "readOnly": true + }, + "values": { + "description": "The values that policy either requires or denies for the field.", + "type": "array", + "items": { + "type": "string" + }, + "readOnly": true + }, + "policy": { + "description": "The details of the policy that is causing the field restriction.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + } + } + }, + "PolicyEvaluationResult": { + "description": "The result of a non-compliant policy evaluation against the given resource content.", + "properties": { + "policyInfo": { + "description": "The details of the policy that was evaluated.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + }, + "evaluationResult": { + "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.", + "type": "string", + "readOnly": true + }, + "evaluationDetails": { + "description": "The detailed results of the policy expressions and values that were evaluated.", + "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails", + "readOnly": true + } + } + }, + "PolicyReference": { + "description": "Resource identifiers for a policy.", + "properties": { + "policyDefinitionId": { + "description": "The resource identifier of the policy definition.", + "type": "string", + "readOnly": true + }, + "policySetDefinitionId": { + "description": "The resource identifier of the policy set definition.", + "type": "string", + "readOnly": true + }, + "policyDefinitionReferenceId": { + "description": "The reference identifier of a specific policy definition within a policy set definition.", + "type": "string", + "readOnly": true + }, + "policyAssignmentId": { + "description": "The resource identifier of the policy assignment.", + "type": "string", + "readOnly": true + } + } + } + } +} diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json new file mode 100644 index 000000000000..d90062bfc1bf --- /dev/null +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json @@ -0,0 +1,137 @@ +{ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "resourceGroupName": "vmRg", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ + "eastus", + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ + { + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ + { + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" + } + ] + } + } + ] + } + } + } + } +} diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json new file mode 100644 index 000000000000..fd0e34342f3f --- /dev/null +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json @@ -0,0 +1,136 @@ +{ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ + "eastus", + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ + { + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ + { + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" + } + ] + } + } + ] + } + } + } + } +} From fd8ec1322f1f42bd07e2759902e4cbf48dcd34e7 Mon Sep 17 00:00:00 2001 From: Elad Perets Date: Tue, 1 Mar 2022 12:18:59 -0800 Subject: [PATCH 2/3] Add new API version (2022-03-01) to Microsoft.PolicyInsights The only change is adding support for MG-level calls to the /checkPolicyRestrictions API. --- .../2022-03-01/checkPolicyRestrictions.json | 90 ++++++++++++++++++- ...trictions_CheckAtManagementGroupScope.json | 43 +++++++++ ...estrictions_CheckAtResourceGroupScope.json | 2 +- ...Restrictions_CheckAtSubscriptionScope.json | 2 +- .../resource-manager/readme.go.md | 10 +++ .../policyinsights/resource-manager/readme.md | 30 ++++++- 6 files changed, 173 insertions(+), 4 deletions(-) create mode 100644 specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtManagementGroupScope.json diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json index f1bf4d7106fd..75a4403be335 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json @@ -2,7 +2,7 @@ "swagger": "2.0", "info": { "title": "CheckPolicyRestrictionsClient", - "version": "2020-07-01" + "version": "2022-03-01" }, "host": "management.azure.com", "schemes": [ @@ -116,6 +116,51 @@ } } } + }, + "/providers/{managementGroupsNamespace}/managementGroups/{managementGroupId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtManagementGroupScope", + "description": "Checks what restrictions Azure Policy will place on resources within a management group.", + "parameters": [ + { + "$ref": "#/parameters/managementGroupsNamespaceParameter" + }, + { + "$ref": "#/parameters/managementGroupIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckManagementGroupRestrictionsRequest" + }, + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Check policy restrictions at subscription scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtManagementGroupScope.json" + } + } + } } }, "definitions": { @@ -138,6 +183,24 @@ "resourceDetails" ] }, + "CheckManagementGroupRestrictionsRequest": { + "type": "object", + "description": "The check policy restrictions parameters describing the resource that is being evaluated.", + "properties": { + "resourceDetails": { + "description": "The information about the resource that will be evaluated.", + "$ref": "#/definitions/CheckRestrictionsResourceDetails" + }, + "pendingFields": { + "description": "The list of fields and values that should be evaluated for potential restrictions.", + "type": "array", + "items": { + "$ref": "#/definitions/PendingField" + }, + "x-ms-identifiers": [] + } + } + }, "CheckRestrictionsResourceDetails": { "description": "The information about the resource that will be evaluated.", "properties": { @@ -316,5 +379,30 @@ } } } + }, + "parameters": { + "managementGroupsNamespaceParameter": { + "name": "managementGroupsNamespace", + "in": "path", + "required": true, + "type": "string", + "enum": [ + "Microsoft.Management" + ], + "x-ms-enum": { + "name": "ManagementGroupsNamespaceType", + "modelAsString": false + }, + "description": "The namespace for Microsoft Management RP; only \"Microsoft.Management\" is allowed.", + "x-ms-parameter-location": "method" + }, + "managementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "Management group ID.", + "x-ms-parameter-location": "method" + } } } diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtManagementGroupScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtManagementGroupScope.json new file mode 100644 index 000000000000..4b973e30d9b5 --- /dev/null +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtManagementGroupScope.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "managementGroupsNamespace": "Microsoft.Management", + "managementGroupId": "financeMg", + "api-version": "2022-03-01", + "parameters": { + "pendingFields": [ + { + "field": "type" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "type", + "restrictions": [ + { + "result": "Required", + "values": [ + "Microsoft.Compute/virtualMachines" + ], + "policy": { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/financeMg/providers/microsoft.authorization/policyDefinitions/allowedTypes", + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/financeMg/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/financeMg/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [] + } + } + } + } +} diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json index d90062bfc1bf..36d6eda3f46b 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json @@ -2,7 +2,7 @@ "parameters": { "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", "resourceGroupName": "vmRg", - "api-version": "2020-07-01", + "api-version": "2022-03-01", "parameters": { "resourceDetails": { "resourceContent": { diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json index fd0e34342f3f..d34d5c431248 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json @@ -1,7 +1,7 @@ { "parameters": { "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", - "api-version": "2020-07-01", + "api-version": "2022-03-01", "parameters": { "resourceDetails": { "resourceContent": { diff --git a/specification/policyinsights/resource-manager/readme.go.md b/specification/policyinsights/resource-manager/readme.go.md index 6647dbf5d2af..e73edee4d283 100644 --- a/specification/policyinsights/resource-manager/readme.go.md +++ b/specification/policyinsights/resource-manager/readme.go.md @@ -23,6 +23,7 @@ modelerfour: ``` yaml $(go) && $(multiapi) batch: + - tag: package-2022-03 - tag: package-2021-10 - tag: package-2021-01 - tag: package-2020-07 @@ -31,6 +32,15 @@ batch: - tag: package-2018-04 ``` +### Tag: package-2022-03 and go + +These settings apply only when `--tag=package-2022-03 --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +``` yaml $(tag) == 'package-2022-03' && $(go) +output-folder: $(go-sdk-folder)/services/preview/$(namespace)/mgmt/2022-03-01/$(namespace) +``` + ### Tag: package-2021-10 and go These settings apply only when `--tag=package-2021-10 --go` is specified on the command line. diff --git a/specification/policyinsights/resource-manager/readme.md b/specification/policyinsights/resource-manager/readme.md index 87ed5f55eed7..5a23cea1a0ff 100644 --- a/specification/policyinsights/resource-manager/readme.md +++ b/specification/policyinsights/resource-manager/readme.md @@ -27,7 +27,7 @@ These are the global settings for the PolicyInsights API. ``` yaml title: PolicyInsightsClient openapi-type: arm -tag: package-2021-10 +tag: package-2022-03 ``` ### Validations @@ -136,6 +136,20 @@ directive: transform: delete $['post']['x-ms-pageable']['operationName'] ``` +### Tag: package-2022-03 + +These settings apply only when `--tag=package-2022-03` is specified on the command line. + +```yaml $(tag) == 'package-2022-03' +input-file: +- Microsoft.PolicyInsights/preview/2018-07-01-preview/policyTrackedResources.json +- Microsoft.PolicyInsights/stable/2021-10-01/remediations.json +- Microsoft.PolicyInsights/stable/2019-10-01/policyEvents.json +- Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json +- Microsoft.PolicyInsights/stable/2019-10-01/policyMetadata.json +- Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json +- Microsoft.PolicyInsights/stable/2021-01-01/attestations.json +``` ### Tag: package-2021-10 @@ -289,6 +303,7 @@ output-folder: $(azure-libraries-for-java-folder)/azure-mgmt-policyinsights ``` yaml $(java) && $(multiapi) batch: + - tag: package-2022-03 - tag: package-2021-10 - tag: package-2021-01 - tag: package-2020-07 @@ -297,6 +312,19 @@ batch: - tag: package-2018-04 ``` +### Tag: package-2022-03 and java + +These settings apply only when `--tag=package-2022-03 --java` is specified on the command line. +Please also specify `--azure-libraries-for-java-folder=`. + +``` yaml $(tag) == 'package-2022-03' && $(java) +java: + namespace: com.microsoft.azure.management.policyinsights.v2022_03_01 + output-folder: $(azure-libraries-for-java-folder)/sdk/policyinsights/mgmt-v2022_03_01 +regenerate-manager: true +generate-interface: true +``` + ### Tag: package-2021-10 and java These settings apply only when `--tag=package-2021-10 --java` is specified on the command line. From 7f3a2d19930993760a6b1755c3af470ce57df13a Mon Sep 17 00:00:00 2001 From: Elad Perets Date: Mon, 7 Mar 2022 16:05:59 -0800 Subject: [PATCH 3/3] Fix example title --- .../stable/2022-03-01/checkPolicyRestrictions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json index 75a4403be335..eea8799a69a4 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-03-01/checkPolicyRestrictions.json @@ -156,7 +156,7 @@ } }, "x-ms-examples": { - "Check policy restrictions at subscription scope": { + "Check policy restrictions at management group scope": { "$ref": "./examples/PolicyRestrictions_CheckAtManagementGroupScope.json" } }