diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json
new file mode 100644
index 000000000000..4599ed246e3c
--- /dev/null
+++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json
@@ -0,0 +1,117 @@
+{
+ "parameters": {
+ "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
+ "policyDefinitionName": "EventHubDiagnosticLogs",
+ "api-version": "2019-09-01",
+ "parameters": {
+ "properties": {
+ "mode": "Indexed",
+ "displayName": "Event Hubs should have diagnostic logging enabled",
+ "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
+ "metadata": {
+ "category": "Event Hub"
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.EventHub/namespaces"
+ },
+ "then": {
+ "effect": "AuditIfNotExists",
+ "details": {
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
+ "equals": "true"
+ },
+ {
+ "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
+ "equals": "[parameters('requiredRetentionDays')]"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "parameters": {
+ "requiredRetentionDays": {
+ "type": "Integer",
+ "defaultValue": 365,
+ "allowedValues": [
+ 0,
+ 30,
+ 90,
+ 180,
+ 365
+ ],
+ "metadata": {
+ "displayName": "Required retention (days)",
+ "description": "The required diagnostic logs retention in days"
+ }
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "201": {
+ "headers": {},
+ "body": {
+ "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
+ "type": "Microsoft.Authorization/policyDefinitions",
+ "name": "ResourceNaming",
+ "properties": {
+ "mode": "Indexed",
+ "displayName": "Event Hubs should have diagnostic logging enabled",
+ "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
+ "metadata": {
+ "category": "Event Hub"
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.EventHub/namespaces"
+ },
+ "then": {
+ "effect": "AuditIfNotExists",
+ "details": {
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
+ "equals": "true"
+ },
+ {
+ "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
+ "equals": "[parameters('requiredRetentionDays')]"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "parameters": {
+ "requiredRetentionDays": {
+ "type": "Integer",
+ "defaultValue": 365,
+ "allowedValues": [
+ 0,
+ 30,
+ 90,
+ 180,
+ 365
+ ],
+ "metadata": {
+ "displayName": "Required retention (days)",
+ "description": "The required diagnostic logs retention in days"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyAssignments.json
index 71e3b13202dc..b0e1d4779f08 100644
--- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyAssignments.json
+++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyAssignments.json
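Review bot: The 201 response body in createOrUpdatePolicyDefinitionAdvancedParams.json does not match the request: `policyDefinitionName` is `EventHubDiagnosticLogs`, but the returned `id` ends in `/policyDefinitions/ResourceNaming` and `name` is `ResourceNaming`, which looks carried over from another example. The body should read `"name": "EventHubDiagnosticLogs"` with an `id` ending in `/policyDefinitions/EventHubDiagnosticLogs`. Separately, the `existenceCondition` compares `retentionPolicy.days` with `equals`, so a diagnostic setting that keeps logs longer than `requiredRetentionDays` would presumably be audited as non-compliant. Because `0` is listed in `allowedValues` and, if it carries its usual diagnostic-settings meaning of unlimited retention, behaves differently from the other values, the parameter `description` should state that the match is exact and what `0` means.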
@@ -605,16 +605,19 @@
 "ParameterValues": {
 "type": "object",
 "additionalProperties": {
- "type": "object",
- "properties": {
- "value": {
- "description": "The value of the parameter.",
- "type": "object"
- }
- }
+ "$ref": "#/definitions/ParameterValuesValue"
 },
 "description": "The parameter values for the policy rule. The keys are the parameter names."
 },
+ "ParameterValuesValue": {
+ "properties": {
+ "value": {
+ "description": "The value of the parameter.",
+ "type": "object"
+ }
+ },
+ "description": "The value of a parameter."
+ },
 "PolicySku": {
 "properties": {
 "name": {
@@ -699,14 +702,24 @@
 },
 "type": {
 "type": "string",
- "description": "The identity type.",
+ "description": "The identity type. This is the only required field when adding a system assigned identity to a resource.",
 "enum": [
 "SystemAssigned",
 "None"
 ],
 "x-ms-enum": {
 "name": "ResourceIdentityType",
- "modelAsString": false
+ "modelAsString": false,
+ "values": [
+ {
+ "value": "SystemAssigned",
+ "description": "Indicates that a system assigned identity is associated with the resource."
+ },
+ {
+ "value": "None",
+ "description": "Indicates that no identity is associated with the resource or that the existing identity should be removed."
+ }
+ ]
 }
 }
 },
diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyDefinitions.json
index 22e3fc3a3c8f..3f5f1c40958c 100644
--- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyDefinitions.json
+++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-09-01/policyDefinitions.json
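Review bot: The extracted `ParameterValuesValue` definition drops the `"type": "object"` that the inline `additionalProperties` schema declared, so a validator working from this schema no longer rejects a non-object entry (a bare string or number) as a parameter value, since `properties` only constrains objects. Adding `"type": "object",` as the first key of `ParameterValuesValue` keeps the refactor behaviour-neutral. The same line is lost in `ParameterDefinitionsValue` in the policyDefinitions.json hunk at `-520,58`. Neighbouring definitions such as `PolicySku` also omit it, so this may be the file's convention, but here it is a constraint the old schema stated explicitly.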
@@ -45,6 +45,9 @@
 "x-ms-examples": {
 "Create or update a policy definition": {
 "$ref": "./examples/createOrUpdatePolicyDefinition.json"
+ },
+ "Create or update a policy definition with advanced parameters": {
+ "$ref": "./examples/createOrUpdatePolicyDefinitionAdvancedParams.json"
 }
 },
 "parameters": [
@@ -520,58 +523,61 @@
 },
 "description": "The policy definition properties."
 },
+ "ParameterDefinitionsValue": {
+ "properties": {
+ "type": {
+ "description": "The data type of the parameter.",
+ "type": "string",
+ "enum": [
+ "String",
+ "Array",
+ "Object",
+ "Boolean",
+ "Integer",
+ "Float",
+ "DateTime"
+ ],
+ "x-ms-enum": {
+ "name": "parameterType",
+ "modelAsString": true
+ }
+ },
+ "allowedValues": {
+ "type": "array",
+ "items": {
+ "type": "object"
+ },
+ "description": "The allowed values for the parameter."
+ },
+ "defaultValue": {
+ "type": "object",
+ "description": "The default value for the parameter if no value is provided."
+ },
+ "metadata": {
+ "type": "object",
+ "properties": {
+ "displayName": {
+ "type": "string",
+ "description": "The display name for the parameter."
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the parameter."
+ }
+ },
+ "additionalProperties": {
+ "type": "object"
+ },
+ "description": "General metadata for the parameter."
+ }
+ },
+ "description": "The definition of a parameter that can be provided to the policy."
+ },
 "ParameterDefinitions": {
 "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names.",
 "type": "object",
 "additionalProperties": {
- "type": "object",
- "properties": {
- "type": {
- "description": "The data type of the parameter.",
- "type": "string",
- "enum": [
- "String",
- "Array",
- "Object",
- "Boolean",
- "Integer",
- "Float",
- "DateTime"
- ],
- "x-ms-enum": {
- "name": "parameterType",
- "modelAsString": true
- }
- },
- "allowedValues": {
- "type": "array",
- "items": {
- "type": "object"
- },
- "description": "The allowed values for the parameter."
- },
- "defaultValue": {
- "type": "object",
- "description": "The default value for the parameter if no value is provided."
- },
- "metadata": {
- "type": "object",
- "properties": {
- "displayName": {
- "type": "string",
- "description": "The display name for the parameter."
- },
- "description": {
- "type": "string",
- "description": "The description of the parameter."
- }
- },
- "additionalProperties": {
- "type": "object"
- },
- "description": "General metadata for the parameter."
- }
- }
+ "$ref": "#/definitions/ParameterDefinitionsValue"
 }
 },
 "PolicyDefinition": {