diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2020-10-01-preview/RoleManagementPolicy.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2020-10-01-preview/RoleManagementPolicy.json index 0b378e9a5b4e..13dd3f490e4d 100644 --- a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2020-10-01-preview/RoleManagementPolicy.json +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2020-10-01-preview/RoleManagementPolicy.json @@ -350,7 +350,7 @@ } }, "RoleManagementPolicyApprovalRule": { - "description": "The role management policy rule.", + "description": "The role management policy approval rule.", "allOf": [ { "$ref": "#/definitions/RoleManagementPolicyRule" @@ -370,15 +370,15 @@ "properties": { "isApprovalRequired": { "type": "boolean", - "description": "Determine whether approval is required or not." + "description": "Determines whether approval is required or not." }, "isApprovalRequiredForExtension": { "type": "boolean", - "description": "Determine whether approval is required for assignment extension." + "description": "Determines whether approval is required for assignment extension." }, "isRequestorJustificationRequired": { "type": "boolean", - "description": "Determine whether requestor justification required." + "description": "Determine whether requestor justification is required." }, "approvalMode": { "type": "string", @@ -411,16 +411,16 @@ "approvalStageTimeOutInDays": { "type": "integer", "format": "int32", - "description": "The time in days when approval request would be timed out." + "description": "The time in days when approval request would be timed out" }, "isApproverJustificationRequired": { "type": "boolean", - "description": "Determine whether approver need to provide justification for his decision." + "description": "Determines whether approver need to provide justification for his decision." }, "escalationTimeInMinutes": { "type": "integer", "format": "int32", - "description": "The time in minutes when the approval request would be escalated if the primary approver does not approves." + "description": "The time in minutes when the approval request would be escalated if the primary approver does not approve" }, "primaryApprovers": { "type": "array", @@ -473,7 +473,7 @@ } }, "RoleManagementPolicyAuthenticationContextRule": { - "description": "The role management policy rule.", + "description": "The role management policy authentication context rule.", "allOf": [ { "$ref": "#/definitions/RoleManagementPolicyRule" @@ -504,7 +504,7 @@ "type": "array", "items": { "type": "string", - "description": "The type of enable rules", + "description": "The type of enablement rule", "enum": [ "MultiFactorAuthentication", "Justification", @@ -520,7 +520,7 @@ } }, "RoleManagementPolicyExpirationRule": { - "description": "The role management policy rule.", + "description": "The role management policy expiration rule.", "allOf": [ { "$ref": "#/definitions/RoleManagementPolicyRule" @@ -539,7 +539,7 @@ } }, "RoleManagementPolicyNotificationRule": { - "description": "The role management policy rule.", + "description": "The role management policy notification rule.", "allOf": [ { "$ref": "#/definitions/RoleManagementPolicyRule" @@ -589,11 +589,11 @@ "items": { "type": "string" }, - "description": "The list notification recipients." + "description": "The list of notification recipients." }, "isDefaultRecipientsEnabled": { "type": "boolean", - "description": "Its value determine if the notification need to be sent to the recipient type specified in policy rule." + "description": "Determines if the notification will be sent to the recipient type specified in the policy rule." } } }, @@ -614,7 +614,7 @@ }, "level": { "type": "string", - "description": "The assignment level to which it is applied." + "description": "The assignment level to which rule is applied." }, "targetObjects": { "type": "array", diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/authorization-RoleDefinitionsCalls.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/authorization-RoleDefinitionsCalls.json new file mode 100644 index 000000000000..4d9de4e9dc11 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/authorization-RoleDefinitionsCalls.json @@ -0,0 +1,520 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2022-05-01-preview", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations allow you to manage role definitions. A role definition describes the set of actions that can be performed on resources." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/permissions": { + "get": { + "tags": [ + "Permissions" + ], + "operationId": "Permissions_ListForResourceGroup", + "description": "Gets all permissions the caller has for a resource group.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of permissions.", + "schema": { + "$ref": "#/definitions/PermissionGetResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List permissions for resource group": { + "$ref": "./examples/GetPermissions.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/permissions": { + "get": { + "tags": [ + "Permissions" + ], + "operationId": "Permissions_ListForResource", + "description": "Gets all permissions the caller has for a resource.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./common-types.json#/parameters/ResourceProviderNamespaceParameter" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource identity.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type of the resource.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "pattern": ".+", + "type": "string", + "description": "The name of the resource to get the permissions for." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of permissions.", + "schema": { + "$ref": "#/definitions/PermissionGetResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List permissions for resource": { + "$ref": "./examples/GetResourcePermissions.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}": { + "delete": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_Delete", + "description": "Deletes a role definition.", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "name": "roleDefinitionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the role definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "204": { + "description": "Role definition already deleted or does not exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete role definition": { + "$ref": "./examples/DeleteRoleDefinition.json" + } + } + }, + "get": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_Get", + "description": "Get role definition by ID (GUID).", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "name": "roleDefinitionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the role definition." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get role definition by id": { + "$ref": "./examples/GetRoleDefinitionById.json" + } + } + }, + "put": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_CreateOrUpdate", + "description": "Creates or updates a role definition.", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "name": "roleDefinitionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the role definition." + }, + { + "name": "roleDefinition", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleDefinition" + }, + "description": "The values for the role definition." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "OK - Returns information about the created or updated role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create role definition": { + "$ref": "./examples/PutRoleDefinition.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleDefinitions": { + "get": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_List", + "description": "Get all role definitions that are applicable at scope and above.", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use atScopeAndBelow filter to search below the given scope as well." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of role definitions.", + "schema": { + "$ref": "#/definitions/RoleDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/RoleDefinitionFilter", + "x-ms-examples": { + "List role definitions for scope": { + "$ref": "./examples/GetRoleDefinitionAtScope.json" + } + } + } + } + }, + "x-ms-paths": { + "/{roleId}?disambiguation_dummy": { + "get": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_GetById", + "description": "Gets a role definition by ID.", + "parameters": [ + { + "name": "roleId", + "in": "path", + "required": true, + "type": "string", + "description": "The fully qualified role definition ID. Use the format, /subscriptions/{guid}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId} for subscription level role definitions, or /providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId} for tenant level role definitions.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get role definition by role ID": { + "$ref": "./examples/GetRoleDefinitionByRoleId.json" + } + } + } + } + }, + "definitions": { + "RoleDefinitionFilter": { + "properties": { + "roleName": { + "type": "string", + "description": "Returns role definition with the specific name." + }, + "type": { + "type": "string", + "description": "Returns role definition with the specific type." + } + }, + "type": "object", + "description": "Role Definitions filter" + }, + "RoleDefinitionProperties": { + "properties": { + "roleName": { + "type": "string", + "description": "The role name." + }, + "description": { + "type": "string", + "description": "The role definition description." + }, + "type": { + "type": "string", + "description": "The role type.", + "x-ms-client-name": "roleType" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "./common-types.json#/definitions/Permission" + }, + "x-ms-identifiers": [], + "description": "Role definition permissions." + }, + "assignableScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Role definition assignable scopes." + }, + "createdOn": { + "readOnly": true, + "type": "string", + "description": "Time it was created", + "format": "date-time" + }, + "updatedOn": { + "readOnly": true, + "type": "string", + "description": "Time it was updated", + "format": "date-time" + }, + "createdBy": { + "readOnly": true, + "type": "string", + "description": "Id of the user who created the assignment" + }, + "updatedBy": { + "readOnly": true, + "type": "string", + "description": "Id of the user who updated the assignment" + } + }, + "type": "object", + "description": "Role definition properties." + }, + "RoleDefinition": { + "x-ms-azure-resource": true, + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role definition ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role definition name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role definition type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleDefinitionProperties", + "description": "Role definition properties." + } + }, + "type": "object", + "description": "Role definition." + }, + "RoleDefinitionListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDefinition" + }, + "description": "Role definition list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role definition list operation result." + }, + "PermissionGetResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "./common-types.json#/definitions/Permission" + }, + "x-ms-identifiers": [], + "description": "An array of permissions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Permissions information." + } + }, + "parameters": { + "FilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. This filter is different from the principalId filter as it returns not only those deny assignments that contain the specified principal is the Principals list but also those deny assignments that contain the specified principal is the ExcludePrincipals list. Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description properties are returned.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/common-types.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/common-types.json new file mode 100644 index 000000000000..7c31f8598eb2 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/common-types.json @@ -0,0 +1,453 @@ +{ + "swagger": "2.0", + "info": { + "version": "2022-05-01-preview", + "title": "AuthorizationManagementClient" + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": {}, + "definitions": { + "Permission": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed actions." + }, + "notActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied actions." + }, + "dataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed Data actions." + }, + "notDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied Data actions." + }, + "condition": { + "readOnly": true, + "type": "string", + "description": "The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "readOnly": true, + "type": "string", + "description": "Version of the condition. Currently the only accepted value is '2.0'" + } + }, + "type": "object", + "description": "Role definition permissions." + }, + "Principal": { + "readOnly": true, + "type": "object", + "description": "The name of the entity last modified it", + "properties": { + "id": { + "type": "string", + "description": "The id of the principal made changes" + }, + "displayName": { + "type": "string", + "description": "The name of the principal made changes" + }, + "type": { + "type": "string", + "description": "Type of principal such as user , group etc" + }, + "email": { + "type": "string", + "description": "Email of principal" + } + } + }, + "RoleManagementPolicyRule": { + "description": "The role management policy rule.", + "type": "object", + "required": [ + "ruleType" + ], + "discriminator": "ruleType", + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." + }, + "ruleType": { + "description": "The type of rule", + "$ref": "#/definitions/RoleManagementPolicyRuleType" + }, + "target": { + "$ref": "#/definitions/RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + } + }, + "RoleManagementPolicyApprovalRule": { + "description": "The role management policy approval rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "setting": { + "$ref": "#/definitions/ApprovalSettings", + "description": "The approval setting" + } + } + }, + "ApprovalSettings": { + "description": "The approval settings.", + "type": "object", + "properties": { + "isApprovalRequired": { + "type": "boolean", + "description": "Determines whether approval is required or not." + }, + "isApprovalRequiredForExtension": { + "type": "boolean", + "description": "Determines whether approval is required for assignment extension." + }, + "isRequestorJustificationRequired": { + "type": "boolean", + "description": "Determine whether requestor justification is required." + }, + "approvalMode": { + "type": "string", + "description": "The type of rule", + "enum": [ + "SingleStage", + "Serial", + "Parallel", + "NoApproval" + ], + "x-ms-enum": { + "name": "ApprovalMode", + "modelAsString": true + } + }, + "approvalStages": { + "type": "array", + "items": { + "$ref": "#/definitions/ApprovalStage" + }, + "x-ms-identifiers": [], + "description": "The approval stages of the request." + } + } + }, + "ApprovalStage": { + "description": "The approval stage.", + "type": "object", + "properties": { + "approvalStageTimeOutInDays": { + "type": "integer", + "format": "int32", + "description": "The time in days when approval request would be timed out" + }, + "isApproverJustificationRequired": { + "type": "boolean", + "description": "Determines whether approver need to provide justification for his decision." + }, + "escalationTimeInMinutes": { + "type": "integer", + "format": "int32", + "description": "The time in minutes when the approval request would be escalated if the primary approver does not approve" + }, + "primaryApprovers": { + "type": "array", + "description": "The primary approver of the request.", + "items": { + "$ref": "#/definitions/UserSet" + } + }, + "isEscalationEnabled": { + "type": "boolean", + "description": "The value determine whether escalation feature is enabled." + }, + "escalationApprovers": { + "type": "array", + "description": "The escalation approver of the request.", + "items": { + "$ref": "#/definitions/UserSet" + } + } + } + }, + "UserSet": { + "description": "The detail of a user.", + "type": "object", + "properties": { + "userType": { + "type": "string", + "description": "The type of user.", + "enum": [ + "User", + "Group" + ], + "x-ms-enum": { + "name": "UserType", + "modelAsString": true + } + }, + "isBackup": { + "type": "boolean", + "description": "The value indicating whether the user is a backup fallback approver" + }, + "id": { + "type": "string", + "description": "The object id of the user." + }, + "description": { + "type": "string", + "description": "The description of the user." + } + } + }, + "RoleManagementPolicyAuthenticationContextRule": { + "description": "The role management policy authentication context rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "The value indicating if rule is enabled." + }, + "claimValue": { + "type": "string", + "description": "The claim value." + } + } + }, + "RoleManagementPolicyEnablementRule": { + "description": "The role management policy enablement rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "enabledRules": { + "type": "array", + "items": { + "type": "string", + "description": "The type of enablement rule", + "enum": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "x-ms-enum": { + "name": "EnablementRules", + "modelAsString": true + } + }, + "description": "The list of enabled rules." + } + } + }, + "RoleManagementPolicyExpirationRule": { + "description": "The role management policy expiration rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "isExpirationRequired": { + "type": "boolean", + "description": "The value indicating whether expiration is required." + }, + "maximumDuration": { + "type": "string", + "description": "The maximum duration of expiration in timespan." + } + } + }, + "RoleManagementPolicyNotificationRule": { + "description": "The role management policy notification rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "notificationType": { + "type": "string", + "description": "The type of notification.", + "enum": [ + "Email" + ], + "x-ms-enum": { + "name": "NotificationDeliveryMechanism", + "modelAsString": true + } + }, + "notificationLevel": { + "type": "string", + "description": "The notification level.", + "enum": [ + "None", + "Critical", + "All" + ], + "x-ms-enum": { + "name": "NotificationLevel", + "modelAsString": true + } + }, + "recipientType": { + "type": "string", + "description": "The recipient type.", + "enum": [ + "Requestor", + "Approver", + "Admin" + ], + "x-ms-enum": { + "name": "RecipientType", + "modelAsString": true + } + }, + "notificationRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of notification recipients." + }, + "isDefaultRecipientsEnabled": { + "type": "boolean", + "description": "Determines if the notification will be sent to the recipient type specified in the policy rule." + } + } + }, + "RoleManagementPolicyRuleTarget": { + "description": "The role management policy rule target.", + "type": "object", + "properties": { + "caller": { + "type": "string", + "description": "The caller of the setting." + }, + "operations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The type of operation." + }, + "level": { + "type": "string", + "description": "The assignment level to which rule is applied." + }, + "targetObjects": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of target objects." + }, + "inheritableSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of inheritable settings." + }, + "enforcedSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of enforced settings." + } + } + }, + "RoleManagementPolicyRuleType": { + "type": "string", + "description": "The type of rule", + "enum": [ + "RoleManagementPolicyApprovalRule", + "RoleManagementPolicyAuthenticationContextRule", + "RoleManagementPolicyEnablementRule", + "RoleManagementPolicyExpirationRule", + "RoleManagementPolicyNotificationRule" + ], + "x-ms-enum": { + "name": "RoleManagementPolicyRuleType", + "modelAsString": true + } + } + }, + "parameters": { + "ResourceProviderNamespaceParameter": { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ResourceTypeParameter": { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ResourceNameParameter": { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The resource name.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ScopeParameter": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/DeleteRoleDefinition.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/DeleteRoleDefinition.json new file mode 100644 index 000000000000..a39bc3eaaf58 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/DeleteRoleDefinition.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "scope": "scope", + "roleDefinitionId": "roleDefinitionId", + "api-version": "2022-05-01-preview" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + }, + "204": {} + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetPermissions.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetPermissions.json new file mode 100644 index 000000000000..922c1c6f348b --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetPermissions.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "resourceGroupName": "rgname", + "subscriptionId": "subID", + "api-version": "2022-05-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "actions": [], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "nextLink": "nextlink" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetResourcePermissions.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetResourcePermissions.json new file mode 100644 index 000000000000..072161b8f734 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetResourcePermissions.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "subscriptionId": "subId", + "resourceGroupName": "rgname", + "resourceProviderNamespace": "rpnamespace", + "parentResourcePath": "parentResourcePath", + "resourceType": "resourceType", + "resourceName": "resourceName", + "api-version": "2022-05-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "actions": [], + "notActions": [] + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionAtScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionAtScope.json new file mode 100644 index 000000000000..339f9f9c418d --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionAtScope.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "scope": "scope", + "api-version": "2022-05-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionById.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionById.json new file mode 100644 index 000000000000..0ad4279018a1 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "scope": "scope", + "roleDefinitionId": "roleDefinitionId", + "api-version": "2022-05-01-preview" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionByRoleId.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionByRoleId.json new file mode 100644 index 000000000000..c8cf3fd93d6e --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/GetRoleDefinitionByRoleId.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "roleId": "roleDefinitionId", + "api-version": "2022-05-01-preview" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/PutRoleDefinition.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/PutRoleDefinition.json new file mode 100644 index 000000000000..9e6a0d763a35 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/examples/PutRoleDefinition.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "scope": "scope", + "roleDefinitionId": "roleDefinitionId", + "roleDefinition": {}, + "body": { + "roleDefinition": { + "roleName": "Role name", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ], + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + }, + "api-version": "2022-05-01-preview" + }, + "responses": { + "201": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json index 6222e0075585..cecfbd0b128e 100644 --- a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json @@ -110,6 +110,7 @@ "name": "resourceName", "in": "path", "required": true, + "pattern": ".+", "type": "string", "description": "The name of the resource to get the permissions for." }, diff --git a/specification/authorization/resource-manager/readme.csharp.md b/specification/authorization/resource-manager/readme.csharp.md index 86a3f65c0ac3..ace02823cccb 100644 --- a/specification/authorization/resource-manager/readme.csharp.md +++ b/specification/authorization/resource-manager/readme.csharp.md @@ -144,4 +144,16 @@ output-folder: $(csharp-sdks-folder)/Authorization/Management.Authorization/$(cs batch: - tag: package-2022-04-01 + ``` + + ### Profile: profile_2022_05_01_preview + +These settings apply only when `--csharp-profile=profile_2022_05_01_preview` is specified on the command line. + + ``` yaml $(csharp-profile)=='profile_2022_05_01_preview' +namespace: Microsoft.Azure.Management.Profiles.$(csharp-profile).Authorization +output-folder: $(csharp-sdks-folder)/Authorization/Management.Authorization/$(csharp-profile)/Generated + +batch: + - tag: package-2022-05-01-preview ``` \ No newline at end of file diff --git a/specification/authorization/resource-manager/readme.go.md b/specification/authorization/resource-manager/readme.go.md index 9df6e20a96ff..af778fb24cdf 100644 --- a/specification/authorization/resource-manager/readme.go.md +++ b/specification/authorization/resource-manager/readme.go.md @@ -101,4 +101,4 @@ Please also specify `--go-sdk-folder=