From da265406f5265e95b13e220a3bd9d067acf3227c Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Fri, 1 Apr 2022 00:52:49 +0000 Subject: [PATCH] CodeGen from PR 18459 in Azure/azure-rest-api-specs 2020-10-01 GA release of PIM specs (#18459) * Initial commit: copy 2020-10-01-preview to stable * Remove -preview tag from 2020-10-01 * Update readme.md * [New Change] Add /validate to request models * [New] Add effectiveRules in policyAssignment model * remove /providers/Microsoft.Subscription in example * Misc fixes * Refactor common model for rules * Grammar fixes * config readme.python * update Co-authored-by: Jiefeng Chen (WICRESOFT NORTH AMERICA LTD) --- .../subscriptionDeploymentTemplate.json | 9 + .../managementGroupDeploymentTemplate.json | 9 + .../2019-08-01/tenantDeploymentTemplate.json | 9 + .../Microsoft.Authorization.Authz.json | 450 ++++++++++++++++++ schemas/common/autogeneratedResources.json | 9 + 5 files changed, 486 insertions(+) create mode 100644 schemas/2020-10-01/Microsoft.Authorization.Authz.json diff --git a/schemas/2018-05-01/subscriptionDeploymentTemplate.json b/schemas/2018-05-01/subscriptionDeploymentTemplate.json index 6046930745..29ceb23410 100644 --- a/schemas/2018-05-01/subscriptionDeploymentTemplate.json +++ b/schemas/2018-05-01/subscriptionDeploymentTemplate.json
@@ -545,6 +545,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-08-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignmentScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleEligibilityScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleManagementPolicyAssignments" + }, { "$ref": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" }, diff --git a/schemas/2019-08-01/managementGroupDeploymentTemplate.json b/schemas/2019-08-01/managementGroupDeploymentTemplate.json index 88736bd26c..ddc3b5b37f 100644 --- a/schemas/2019-08-01/managementGroupDeploymentTemplate.json +++ b/schemas/2019-08-01/managementGroupDeploymentTemplate.json @@ -527,6 +527,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-08-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignmentScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleEligibilityScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleManagementPolicyAssignments" + }, { "$ref": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" }, 
diff --git a/schemas/2019-08-01/tenantDeploymentTemplate.json b/schemas/2019-08-01/tenantDeploymentTemplate.json index 43c201e743..8aef504f29 100644 --- a/schemas/2019-08-01/tenantDeploymentTemplate.json +++ b/schemas/2019-08-01/tenantDeploymentTemplate.json @@ -535,6 +535,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-08-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignmentScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleEligibilityScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleManagementPolicyAssignments" + }, { "$ref": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" }, diff --git a/schemas/2020-10-01/Microsoft.Authorization.Authz.json b/schemas/2020-10-01/Microsoft.Authorization.Authz.json new file mode 100644 index 0000000000..5e04287510 --- /dev/null +++ b/schemas/2020-10-01/Microsoft.Authorization.Authz.json 
@@ -0,0 +1,450 @@ +{ + "id": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignmentScheduleRequests": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01" + ] + }, + "name": { + "type": "string", + "description": "A GUID for the role assignment to create. The name must be unique and different for each role assignment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment schedule request properties with scope." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignmentScheduleRequests" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignmentScheduleRequests" + }, + "roleEligibilityScheduleRequests": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the role eligibility to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role eligibility schedule request properties with scope." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleEligibilityScheduleRequests" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleEligibilityScheduleRequests" + }, + "roleManagementPolicyAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01" + ] + }, + "name": { + "type": "string", + "description": "The name of format {guid_guid} the role management policy assignment to upsert." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role management policy assignment properties with scope." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleManagementPolicyAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleManagementPolicyAssignments" + } + }, + "definitions": { + "RoleAssignmentScheduleRequestProperties": { + "type": "object", + "properties": { + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "justification": { + "type": "string", + "description": "Justification for the role assignment" + }, + "linkedRoleEligibilityScheduleId": { + "type": "string", + "description": "The linked role eligibility schedule id - to activate an eligibility." + }, + "principalId": { + "type": "string", + "description": "The principal ID." 
+ }, + "requestType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "scheduleInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesScheduleInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Schedule info of the role assignment schedule" + }, + "targetRoleAssignmentScheduleId": { + "type": "string", + "description": "The resultant role assignment schedule id or the role assignment schedule id being updated" + }, + "targetRoleAssignmentScheduleInstanceId": { + "type": "string", + "description": "The role assignment schedule instance id being updated" + }, + "ticketInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesTicketInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Ticket Info of the role assignment" + } + }, + "required": [ + "principalId", + "requestType", + "roleDefinitionId" + ], + "description": "Role assignment schedule request properties with scope." 
+ }, + "RoleAssignmentScheduleRequestPropertiesScheduleInfo": { + "type": "object", + "properties": { + "expiration": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiration of the role assignment schedule" + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role assignment schedule." + } + }, + "description": "Schedule info of the role assignment schedule" + }, + "RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration": { + "type": "object", + "properties": { + "duration": { + "type": "string", + "description": "Duration of the role assignment schedule in TimeSpan." + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role assignment schedule." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the role assignment schedule expiration." + } + }, + "description": "Expiration of the role assignment schedule" + }, + "RoleAssignmentScheduleRequestPropertiesTicketInfo": { + "type": "object", + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role assignment" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role assignment" + } + }, + "description": "Ticket Info of the role assignment" + }, + "RoleEligibilityScheduleRequestProperties": { + "type": "object", + "properties": { + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. 
e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "justification": { + "type": "string", + "description": "Justification for the role eligibility" + }, + "principalId": { + "type": "string", + "description": "The principal ID." + }, + "requestType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "scheduleInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesScheduleInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Schedule info of the role eligibility schedule" + }, + "targetRoleEligibilityScheduleId": { + "type": "string", + "description": "The resultant role eligibility schedule id or the role eligibility schedule id being updated" + }, + "targetRoleEligibilityScheduleInstanceId": { + "type": "string", + "description": "The role eligibility schedule instance id being updated" + }, + "ticketInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesTicketInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Ticket Info of the role eligibility" + } + }, + "required": [ + "principalId", + "requestType", + 
"roleDefinitionId" + ], + "description": "Role eligibility schedule request properties with scope." + }, + "RoleEligibilityScheduleRequestPropertiesScheduleInfo": { + "type": "object", + "properties": { + "expiration": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiration of the role eligibility schedule" + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role eligibility schedule." + } + }, + "description": "Schedule info of the role eligibility schedule" + }, + "RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration": { + "type": "object", + "properties": { + "duration": { + "type": "string", + "description": "Duration of the role eligibility schedule in TimeSpan." + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role eligibility schedule." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the role eligibility schedule expiration." 
+ } + }, + "description": "Expiration of the role eligibility schedule" + }, + "RoleEligibilityScheduleRequestPropertiesTicketInfo": { + "type": "object", + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role eligibility" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role eligibility" + } + }, + "description": "Ticket Info of the role eligibility" + }, + "RoleManagementPolicyAssignmentProperties": { + "type": "object", + "properties": { + "policyId": { + "type": "string", + "description": "The policy id role management policy assignment." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition of management policy assignment." + }, + "scope": { + "type": "string", + "description": "The role management policy scope." + } + }, + "description": "Role management policy assignment properties with scope." + } + } +} \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index 156954294d..e5500ffffd 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json 
@@ -2026,6 +2026,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-08-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignmentScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleEligibilityScheduleRequests" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2020-10-01/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleManagementPolicyAssignments" + }, { "$ref": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Authorization.Authz.json#/unknown_resourceDefinitions/roleAssignments" },