[Hub Generated] Review request for Microsoft.PolicyInsights to add version stable/2023-03-01 (#22789)

* Adds base for updating Microsoft.PolicyInsights from version stable/2022-03-01 to version 2023-03-01

* Updates readme

* Updates API version in new specs and examples

* Add new API version (2023-03-01) to Microsoft.PolicyInsights

* Fixed UNRESOLVABLE_REFERENCE issue

* Fixed UNRESOLVABLE_REFERENCE issue

* Fixed UNRESOLVABLE_REFERENCE issue

* Fixed MissingTypeObject issue

* Added reference to PolicyRestrictions_CheckAtSubscriptionScopeIncludeAuditEffect example and set IncludeAuditEffect default to false

* Added PolicyRestrictions_CheckAtResourceGroupScopeIncludeAuditEffect

* update readme Tag: package-2023-03

* Fixed error in PolicyRestrictions_CheckAtSubscriptionScope.json

* Fixed error in PolicyRestrictions_CheckAtResourceGroupScope.json

* Update readme.go.md

* updated examples for checkPolicyRestrictions

* Added tag for java

* Update specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2023-03-01/checkPolicyRestrictions.json

Co-authored-by: Chris Eggert <eggertc@gmail.com>

* Replaced policyEffect type from enum to string and added doc url to description.

* Revert readme.go.md

* Update checkPolicyRestrictions.json

* Update checkPolicyRestrictions.json

* Update checkPolicyRestrictions.json

* undo last commit

---------

Co-authored-by: Minjae Kim <minjaekim@microsoft.com>
Co-authored-by: Chris Eggert <eggertc@gmail.com>
This commit is contained in:
Min Jae Kim 2023-04-14 02:35:16 -04:00 коммит произвёл GitHub
Родитель 85646b6c1e
Коммит 865db29636
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
7 изменённых файлов: 1148 добавлений и 3 удалений

Просмотреть файл

@ -0,0 +1,474 @@
{
"swagger": "2.0",
"info": {
"title": "CheckPolicyRestrictionsClient",
"version": "2023-03-01"
},
"host": "management.azure.com",
"schemes": [
"https"
],
"produces": [
"application/json"
],
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"securityDefinitions": {
"azure_auth": {
"type": "oauth2",
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"flow": "implicit",
"description": "Azure Active Directory OAuth2 Flow",
"scopes": {
"user_impersonation": "impersonate your user account"
}
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": {
"post": {
"operationId": "PolicyRestrictions_CheckAtSubscriptionScope",
"description": "Checks what restrictions Azure Policy will place on a resource within a subscription.",
"parameters": [
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter"
},
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
},
{
"name": "parameters",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/CheckRestrictionsRequest"
},
"description": "The check policy restrictions parameters."
}
],
"responses": {
"200": {
"description": "The restrictions that will be placed on the resource by Azure Policy.",
"schema": {
"$ref": "#/definitions/CheckRestrictionsResult"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse"
}
}
},
"x-ms-examples": {
"Check policy restrictions at subscription scope": {
"$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json"
},
"Check policy restrictions at subscription scope including audit effect": {
"$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScopeIncludeAuditEffect.json"
}
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": {
"post": {
"operationId": "PolicyRestrictions_CheckAtResourceGroupScope",
"description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.",
"parameters": [
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter"
},
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
},
{
"name": "parameters",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/CheckRestrictionsRequest"
},
"description": "The check policy restrictions parameters."
}
],
"responses": {
"200": {
"description": "The restrictions that will be placed on the resource by Azure Policy.",
"schema": {
"$ref": "#/definitions/CheckRestrictionsResult"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse"
}
}
},
"x-ms-examples": {
"Check policy restrictions at resource group scope": {
"$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json"
},
"Check policy restrictions at resource group scope including audit effect": {
"$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScopeIncludeAuditEffect.json"
}
}
}
},
"/providers/{managementGroupsNamespace}/managementGroups/{managementGroupId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": {
"post": {
"operationId": "PolicyRestrictions_CheckAtManagementGroupScope",
"description": "Checks what restrictions Azure Policy will place on resources within a management group.",
"parameters": [
{
"$ref": "#/parameters/managementGroupsNamespaceParameter"
},
{
"$ref": "#/parameters/managementGroupIdParameter"
},
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
},
{
"name": "parameters",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/CheckManagementGroupRestrictionsRequest"
},
"description": "The check policy restrictions parameters."
}
],
"responses": {
"200": {
"description": "The restrictions that will be placed on the resource by Azure Policy.",
"schema": {
"$ref": "#/definitions/CheckRestrictionsResult"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse"
}
}
},
"x-ms-examples": {
"Check policy restrictions at management group scope": {
"$ref": "./examples/PolicyRestrictions_CheckAtManagementGroupScope.json"
}
}
}
}
},
"definitions": {
"CheckRestrictionsRequest": {
"description": "The check policy restrictions parameters describing the resource that is being evaluated.",
"properties": {
"resourceDetails": {
"description": "The information about the resource that will be evaluated.",
"$ref": "#/definitions/CheckRestrictionsResourceDetails"
},
"pendingFields": {
"description": "The list of fields and values that should be evaluated for potential restrictions.",
"type": "array",
"items": {
"$ref": "#/definitions/PendingField"
}
},
"includeAuditEffect": {
"description": "Whether to include policies with the 'audit' effect in the results. Defaults to false.",
"type": "boolean",
"default": false
}
},
"required": [
"resourceDetails"
]
},
"CheckManagementGroupRestrictionsRequest": {
"type": "object",
"description": "The check policy restrictions parameters describing the resource that is being evaluated.",
"properties": {
"resourceDetails": {
"description": "The information about the resource that will be evaluated.",
"$ref": "#/definitions/CheckRestrictionsResourceDetails"
},
"pendingFields": {
"description": "The list of fields and values that should be evaluated for potential restrictions.",
"type": "array",
"items": {
"$ref": "#/definitions/PendingField"
},
"x-ms-identifiers": []
}
}
},
"CheckRestrictionsResourceDetails": {
"description": "The information about the resource that will be evaluated.",
"properties": {
"resourceContent": {
"description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.",
"type": "object"
},
"apiVersion": {
"description": "The api-version of the resource content.",
"type": "string"
},
"scope": {
"description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.",
"type": "string"
}
},
"required": [
"resourceContent"
]
},
"PendingField": {
"description": "A field that should be evaluated against Azure Policy to determine restrictions.",
"properties": {
"field": {
"description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.",
"type": "string"
},
"values": {
"description": "The list of potential values for the field that should be evaluated against Azure Policy.",
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"field"
]
},
"CheckRestrictionsResult": {
"description": "The result of a check policy restrictions evaluation on a resource.",
"properties": {
"fieldRestrictions": {
"description": "The restrictions that will be placed on various fields in the resource by policy.",
"type": "array",
"items": {
"$ref": "#/definitions/FieldRestrictions"
},
"readOnly": true
},
"contentEvaluationResult": {
"description": "Evaluation results for the provided partial resource content.",
"properties": {
"policyEvaluations": {
"description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.",
"type": "array",
"items": {
"$ref": "#/definitions/PolicyEvaluationResult"
}
}
},
"readOnly": true
}
}
},
"FieldRestrictions": {
"description": "The restrictions that will be placed on a field in the resource by policy.",
"properties": {
"field": {
"description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.",
"type": "string",
"readOnly": true
},
"restrictions": {
"description": "The restrictions placed on that field by policy.",
"type": "array",
"items": {
"$ref": "#/definitions/FieldRestriction"
}
}
}
},
"FieldRestriction": {
"description": "The restrictions on a field imposed by a specific policy.",
"properties": {
"result": {
"description": "The type of restriction that is imposed on the field.",
"type": "string",
"enum": [
"Required",
"Removed",
"Deny",
"Audit"
],
"x-ms-enum": {
"name": "FieldRestrictionResult",
"modelAsString": true,
"values": [
{
"value": "Required",
"description": "The field and/or values are required by policy."
},
{
"value": "Removed",
"description": "The field will be removed by policy."
},
{
"value": "Deny",
"description": "The field and/or values will be denied by policy."
},
{
"value": "Audit",
"description": "The field and/or values will be audited by policy."
}
]
},
"readOnly": true
},
"defaultValue": {
"description": "The value that policy will set for the field if the user does not provide a value.",
"type": "string",
"readOnly": true
},
"values": {
"description": "The values that policy either requires or denies for the field.",
"type": "array",
"items": {
"type": "string"
},
"readOnly": true
},
"policy": {
"description": "The details of the policy that is causing the field restriction.",
"$ref": "#/definitions/PolicyReference",
"readOnly": true
},
"policyEffect": {
"description": "The effect of the policy that is causing the field restriction. http://aka.ms/policyeffects",
"type": "string",
"readOnly": true
},
"reason": {
"description": "The reason for the restriction.",
"type": "string",
"readOnly": true
}
}
},
"PolicyEvaluationResult": {
"description": "The result of a non-compliant policy evaluation against the given resource content.",
"properties": {
"policyInfo": {
"description": "The details of the policy that was evaluated.",
"$ref": "#/definitions/PolicyReference",
"readOnly": true
},
"evaluationResult": {
"description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.",
"type": "string",
"readOnly": true
},
"evaluationDetails": {
"description": "The detailed results of the policy expressions and values that were evaluated.",
"$ref": "#/definitions/CheckRestrictionEvaluationDetails",
"readOnly": true
},
"effectDetails": {
"description": "The details of the effect that was applied to the resource.",
"$ref": "#/definitions/PolicyEffectDetails",
"readOnly": true
}
}
},
"PolicyReference": {
"description": "Resource identifiers for a policy.",
"properties": {
"policyDefinitionId": {
"description": "The resource identifier of the policy definition.",
"type": "string",
"readOnly": true
},
"policySetDefinitionId": {
"description": "The resource identifier of the policy set definition.",
"type": "string",
"readOnly": true
},
"policyDefinitionReferenceId": {
"description": "The reference identifier of a specific policy definition within a policy set definition.",
"type": "string",
"readOnly": true
},
"policyAssignmentId": {
"description": "The resource identifier of the policy assignment.",
"type": "string",
"readOnly": true
}
}
},
"PolicyEffectDetails": {
"type": "object",
"description": "The details of the effect that was applied to the resource.",
"properties": {
"policyEffect": {
"description": "The effect that was applied to the resource. http://aka.ms/policyeffects",
"type": "string",
"readOnly": true
}
}
},
"CheckRestrictionEvaluationDetails": {
"type": "object",
"description": "Policy evaluation details.",
"properties": {
"evaluatedExpressions": {
"description": "Details of the evaluated expressions.",
"type": "array",
"items": {
"$ref": "../../stable/2019-10-01/policyStates.json#/definitions/ExpressionEvaluationDetails"
},
"x-ms-identifiers": []
},
"ifNotExistsDetails": {
"description": "Evaluation details of IfNotExists effect.",
"type": "object",
"$ref": "../../stable/2019-10-01/policyStates.json#/definitions/IfNotExistsEvaluationDetails"
},
"reason": {
"description": "The reason for the evaluation result.",
"type": "string",
"readOnly": true
}
}
}
},
"parameters": {
"managementGroupsNamespaceParameter": {
"name": "managementGroupsNamespace",
"in": "path",
"required": true,
"type": "string",
"enum": [
"Microsoft.Management"
],
"x-ms-enum": {
"name": "ManagementGroupsNamespaceType",
"modelAsString": false
},
"description": "The namespace for Microsoft Management RP; only \"Microsoft.Management\" is allowed.",
"x-ms-parameter-location": "method"
},
"managementGroupIdParameter": {
"name": "managementGroupId",
"in": "path",
"required": true,
"type": "string",
"description": "Management group ID.",
"x-ms-parameter-location": "method"
}
}
}

Просмотреть файл

@ -0,0 +1,45 @@
{
"parameters": {
"managementGroupsNamespace": "Microsoft.Management",
"managementGroupId": "financeMg",
"api-version": "2023-03-01",
"parameters": {
"pendingFields": [
{
"field": "type"
}
]
}
},
"responses": {
"200": {
"headers": {},
"body": {
"fieldRestrictions": [
{
"field": "type",
"restrictions": [
{
"result": "Required",
"values": [
"Microsoft.Compute/virtualMachines"
],
"policy": {
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/financeMg/providers/microsoft.authorization/policyDefinitions/allowedTypes",
"policyAssignmentId": "/providers/Microsoft.Management/managementGroups/financeMg/providers/microsoft.authorization/policyAssignments/7EB1508A",
"policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/financeMg/providers/microsoft.authorization/policySetDefinitions/735551F1",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "type not allowed"
}
]
}
],
"contentEvaluationResult": {
"policyEvaluations": []
}
}
}
}
}

Просмотреть файл

@ -0,0 +1,148 @@
{
"parameters": {
"subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2",
"resourceGroupName": "vmRg",
"api-version": "2023-03-01",
"parameters": {
"resourceDetails": {
"resourceContent": {
"type": "Microsoft.Compute/virtualMachines",
"properties": {
"priority": "Spot"
}
},
"apiVersion": "2019-12-01"
},
"pendingFields": [
{
"field": "name",
"values": [
"myVMName"
]
},
{
"field": "location",
"values": [
"eastus",
"westus",
"westus2",
"westeurope"
]
},
{
"field": "tags"
}
]
}
},
"responses": {
"200": {
"headers": {},
"body": {
"fieldRestrictions": [
{
"field": "tags.newtag",
"restrictions": [
{
"result": "Required",
"defaultValue": "defaultVal",
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "tags.newtag is required"
}
]
},
{
"field": "tags.environment",
"restrictions": [
{
"result": "Required",
"values": [
"Prod",
"Int",
"Test"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "tags.environment is required"
}
]
},
{
"field": "location",
"restrictions": [
{
"result": "Deny",
"values": [
"west europe"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "location must be one of the following: eastus, westus, westus2"
},
{
"result": "Deny",
"values": [
"eastus",
"westus"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "location must be one of the following: westus2"
}
]
}
],
"contentEvaluationResult": {
"policyEvaluations": [
{
"policyInfo": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E",
"policyDefinitionReferenceId": "defref222",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37"
},
"evaluationResult": "NonCompliant",
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "True",
"expressionKind": "field",
"expression": "type",
"path": "type",
"expressionValue": "microsoft.compute/virtualmachines",
"targetValue": "microsoft.compute/virtualmachines",
"operator": "equals"
}
]
},
"effectDetails": {
"policyEffect": "Deny"
}
}
]
}
}
}
}
}

Просмотреть файл

@ -0,0 +1,150 @@
{
"parameters": {
"subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2",
"resourceGroupName": "vmRg",
"api-version": "2023-03-01",
"parameters": {
"resourceDetails": {
"resourceContent": {
"type": "Microsoft.Compute/virtualMachines",
"properties": {
"priority": "Spot"
}
},
"apiVersion": "2019-12-01"
},
"pendingFields": [
{
"field": "name",
"values": [
"myVMName"
]
},
{
"field": "location",
"values": [
"eastus",
"westus",
"westus2",
"westeurope"
]
},
{
"field": "tags"
}
],
"includeAuditEffect": true
}
},
"responses": {
"200": {
"headers": {},
"body": {
"fieldRestrictions": [
{
"field": "tags.newtag",
"restrictions": [
{
"result": "Required",
"defaultValue": "defaultVal",
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "tags.newtag is required"
}
]
},
{
"field": "tags.environment",
"restrictions": [
{
"result": "Required",
"values": [
"Prod",
"Int",
"Test"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Audit",
"reason": "tags.environment is required"
}
]
},
{
"field": "location",
"restrictions": [
{
"result": "Deny",
"values": [
"west europe"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "The selected location is not allowed"
},
{
"result": "Audit",
"values": [
"eastus",
"westus"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Audit",
"reason": "The selected location is not allowed"
}
]
}
],
"contentEvaluationResult": {
"policyEvaluations": [
{
"policyInfo": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E",
"policyDefinitionReferenceId": "defref222",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37"
},
"evaluationResult": "NonCompliant",
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "True",
"expressionKind": "field",
"expression": "type",
"path": "type",
"expressionValue": "microsoft.compute/virtualmachines",
"targetValue": "microsoft.compute/virtualmachines",
"operator": "equals"
}
],
"reason": "Resource creation of the selected type is not allowed"
},
"effectDetails": {
"policyEffect": "Audit"
}
}
]
}
}
}
}
}

Просмотреть файл

@ -0,0 +1,147 @@
{
"parameters": {
"subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2",
"api-version": "2023-03-01",
"parameters": {
"resourceDetails": {
"resourceContent": {
"type": "Microsoft.Compute/virtualMachines",
"properties": {
"priority": "Spot"
}
},
"apiVersion": "2019-12-01"
},
"pendingFields": [
{
"field": "name",
"values": [
"myVMName"
]
},
{
"field": "location",
"values": [
"eastus",
"westus",
"westus2",
"westeurope"
]
},
{
"field": "tags"
}
]
}
},
"responses": {
"200": {
"headers": {},
"body": {
"fieldRestrictions": [
{
"field": "tags.newtag",
"restrictions": [
{
"result": "Required",
"defaultValue": "defaultVal",
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "tags.newtag is required"
}
]
},
{
"field": "tags.environment",
"restrictions": [
{
"result": "Required",
"values": [
"Prod",
"Int",
"Test"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "tags.environment is required"
}
]
},
{
"field": "location",
"restrictions": [
{
"result": "Deny",
"values": [
"west europe"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "location must be one of the following: eastus, westus, westus2"
},
{
"result": "Deny",
"values": [
"eastus",
"westus"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "location must be one of the following: westus2"
}
]
}
],
"contentEvaluationResult": {
"policyEvaluations": [
{
"policyInfo": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E",
"policyDefinitionReferenceId": "defref222",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37"
},
"evaluationResult": "NonCompliant",
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "True",
"expressionKind": "field",
"expression": "type",
"path": "type",
"expressionValue": "microsoft.compute/virtualmachines",
"targetValue": "microsoft.compute/virtualmachines",
"operator": "equals"
}
]
},
"effectDetails": {
"policyEffect": "Deny"
}
}
]
}
}
}
}
}

Просмотреть файл

@ -0,0 +1,149 @@
{
"parameters": {
"subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2",
"api-version": "2023-03-01",
"parameters": {
"resourceDetails": {
"resourceContent": {
"type": "Microsoft.Compute/virtualMachines",
"properties": {
"priority": "Spot"
}
},
"apiVersion": "2019-12-01"
},
"pendingFields": [
{
"field": "name",
"values": [
"myVMName"
]
},
{
"field": "location",
"values": [
"eastus",
"westus",
"westus2",
"westeurope"
]
},
{
"field": "tags"
}
],
"includeAuditEffect": true
}
},
"responses": {
"200": {
"headers": {},
"body": {
"fieldRestrictions": [
{
"field": "tags.newtag",
"restrictions": [
{
"result": "Required",
"defaultValue": "defaultVal",
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "tags.newtag is required"
}
]
},
{
"field": "tags.environment",
"restrictions": [
{
"result": "Required",
"values": [
"Prod",
"Int",
"Test"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Audit",
"reason": "tags.environment is required"
}
]
},
{
"field": "location",
"restrictions": [
{
"result": "Deny",
"values": [
"west europe"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Deny",
"reason": "The selected location is not allowed"
},
{
"result": "Audit",
"values": [
"eastus",
"westus"
],
"policy": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B",
"policyDefinitionReferenceId": "DefRef"
},
"policyEffect": "Audit",
"reason": "The selected location is not allowed"
}
]
}
],
"contentEvaluationResult": {
"policyEvaluations": [
{
"policyInfo": {
"policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41",
"policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E",
"policyDefinitionReferenceId": "defref222",
"policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37"
},
"evaluationResult": "NonCompliant",
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "True",
"expressionKind": "field",
"expression": "type",
"path": "type",
"expressionValue": "microsoft.compute/virtualmachines",
"targetValue": "microsoft.compute/virtualmachines",
"operator": "equals"
}
],
"reason": "Resource creation of the selected type is not allowed"
},
"effectDetails": {
"policyEffect": "Audit"
}
}
]
}
}
}
}
}

Просмотреть файл

@ -27,7 +27,7 @@ These are the global settings for the PolicyInsights API.
``` yaml
title: PolicyInsightsClient
openapi-type: arm
tag: package-2022-09
tag: package-2023-03
```
### Validations
@ -139,11 +139,27 @@ directive:
```
### Tag: package-2023-03
These settings apply only when `--tag=package-2023-03` is specified on the command line.
```yaml $(tag) == 'package-2023-03'
input-file:
- Microsoft.PolicyInsights/preview/2018-07-01-preview/policyTrackedResources.json
- Microsoft.PolicyInsights/stable/2021-10-01/remediations.json
- Microsoft.PolicyInsights/stable/2019-10-01/policyEvents.json
- Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json
- Microsoft.PolicyInsights/stable/2019-10-01/policyMetadata.json
- Microsoft.PolicyInsights/stable/2023-03-01/checkPolicyRestrictions.json
- Microsoft.PolicyInsights/stable/2022-04-01/componentPolicyStates.json
- Microsoft.PolicyInsights/stable/2022-04-01/operations.json
- Microsoft.PolicyInsights/stable/2022-09-01/attestations.json
```
### Tag: package-2022-09
These settings apply only when `--tag=package-2022-09` is specified on the command line.
```yaml $(tag) == 'package-2022-09'
``` yaml $(tag) == 'package-2022-09'
input-file:
- Microsoft.PolicyInsights/preview/2018-07-01-preview/policyTrackedResources.json
- Microsoft.PolicyInsights/stable/2021-10-01/remediations.json
@ -155,11 +171,12 @@ input-file:
- Microsoft.PolicyInsights/stable/2022-04-01/operations.json
- Microsoft.PolicyInsights/stable/2022-09-01/attestations.json
```
### Tag: package-2022-04
These settings apply only when `--tag=package-2022-04` is specified on the command line.
```yaml $(tag) == 'package-2022-04'
``` yaml $(tag) == 'package-2022-04'
input-file:
- Microsoft.PolicyInsights/preview/2018-07-01-preview/policyTrackedResources.json
- Microsoft.PolicyInsights/stable/2021-10-01/remediations.json
@ -347,6 +364,7 @@ output-folder: $(azure-libraries-for-java-folder)/azure-mgmt-policyinsights
``` yaml $(java) && $(multiapi)
batch:
- tag: package-2023-03
- tag: package-2022-09
- tag: package-2022-04
- tag: package-2022-03
@ -358,6 +376,19 @@ batch:
- tag: package-2018-04
```
### Tag: package-2023-03 and java
These settings apply only when `--tag=package-2023-03 --java` is specified on the command line.
Please also specify `--azure-libraries-for-java-folder=<path to the root directory of your azure-sdk-for-java clone>`.
``` yaml $(tag) == 'package-2023-03' && $(java)
java:
namespace: com.microsoft.azure.management.policyinsights.v2023_03_01
output-folder: $(azure-libraries-for-java-folder)/sdk/policyinsights/mgmt-v2023_03_01
regenerate-manager: true
generate-interface: true
```
### Tag: package-2022-09 and java
These settings apply only when `--tag=package-2022-09 --java` is specified on the command line.
@ -370,6 +401,7 @@ java:
regenerate-manager: true
generate-interface: true
```
### Tag: package-2022-04 and java
These settings apply only when `--tag=package-2022-04 --java` is specified on the command line.