Azure
diff --git a/‎specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json‎
Lines changed: 5 additions & 0 deletions b/‎specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json‎
Lines changed: 320 additions & 0 deletions b/‎specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json‎
Lines changed: 320 additions & 0 deletions
@@ -1398,6 +1398,11 @@
           "description": "Expression evaluated.",
           "type": "string"
         },
+        "expressionKind": {
+          "description": "The kind of expression that was evaluated.",
+          "type": "string",
+          "readOnly": true
+        },
         "path": {
           "description": "Property path if the expression is a field or an alias.",
           "type": "string"
 
@@ -0,0 +1,320 @@
+{
+  "swagger": "2.0",
+  "info": {
+    "title": "CheckPolicyRestrictionsClient",
+    "version": "2020-07-01"
+  },
+  "host": "management.azure.com",
+  "schemes": [
+    "https"
+  ],
+  "produces": [
+    "application/json"
+  ],
+  "security": [
+    {
+      "azure_auth": [
+        "user_impersonation"
+      ]
+    }
+  ],
+  "securityDefinitions": {
+    "azure_auth": {
+      "type": "oauth2",
+      "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+      "flow": "implicit",
+      "description": "Azure Active Directory OAuth2 Flow",
+      "scopes": {
+        "user_impersonation": "impersonate your user account"
+      }
+    }
+  },
+  "paths": {
+    "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": {
+      "post": {
+        "operationId": "PolicyRestrictions_CheckAtSubscriptionScope",
+        "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.",
+        "parameters": [
+          {
+            "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter"
+          },
+          {
+            "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+          },
+          {
+            "name": "parameters",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CheckRestrictionsRequest"
+            },
+            "description": "The check policy restrictions parameters."
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "The restrictions that will be placed on the resource by Azure Policy.",
+            "schema": {
+              "$ref": "#/definitions/CheckRestrictionsResult"
+            }
+          },
+          "default": {
+            "description": "Error response describing why the operation failed.",
+            "schema": {
+              "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse"
+            }
+          }
+        },
+        "x-ms-examples": {
+          "Check policy restrictions at subscription scope": {
+            "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json"
+          }
+        }
+      }
+    },
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": {
+      "post": {
+        "operationId": "PolicyRestrictions_CheckAtResourceGroupScope",
+        "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.",
+        "parameters": [
+          {
+            "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter"
+          },
+          {
+            "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter"
+          },
+          {
+            "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+          },
+          {
+            "name": "parameters",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CheckRestrictionsRequest"
+            },
+            "description": "The check policy restrictions parameters."
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "The restrictions that will be placed on the resource by Azure Policy.",
+            "schema": {
+              "$ref": "#/definitions/CheckRestrictionsResult"
+            }
+          },
+          "default": {
+            "description": "Error response describing why the operation failed.",
+            "schema": {
+              "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse"
+            }
+          }
+        },
+        "x-ms-examples": {
+          "Check policy restrictions at resource group scope": {
+            "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json"
+          }
+        }
+      }
+    }
+  },
+  "definitions": {
+    "CheckRestrictionsRequest": {
+      "description": "The check policy restrictions parameters describing the resource that is being evaluated.",
+      "properties": {
+        "resourceDetails": {
+          "description": "The information about the resource that will be evaluated.",
+          "$ref": "#/definitions/CheckRestrictionsResourceDetails"
+        },
+        "pendingFields": {
+          "description": "The list of fields and values that should be evaluated for potential restrictions.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/PendingField"
+          }
+        }
+      },
+      "required": [
+        "resourceDetails"
+      ]
+    },
+    "CheckRestrictionsResourceDetails": {
+      "description": "The information about the resource that will be evaluated.",
+      "properties": {
+        "resourceContent": {
+          "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.",
+          "type": "object"
+        },
+        "apiVersion": {
+          "description": "The api-version of the resource content.",
+          "type": "string"
+        },
+        "scope": {
+          "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "resourceContent"
+      ]
+    },
+    "PendingField": {
+      "description": "A field that should be evaluated against Azure Policy to determine restrictions.",
+      "properties": {
+        "field": {
+          "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.",
+          "type": "string"
+        },
+        "values": {
+          "description": "The list of potential values for the field that should be evaluated against Azure Policy.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "field"
+      ]
+    },
+    "CheckRestrictionsResult": {
+      "description": "The result of a check policy restrictions evaluation on a resource.",
+      "properties": {
+        "fieldRestrictions": {
+          "description": "The restrictions that will be placed on various fields in the resource by policy.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/FieldRestrictions"
+          },
+          "readOnly": true
+        },
+        "contentEvaluationResult": {
+          "description": "Evaluation results for the provided partial resource content.",
+          "properties": {
+            "policyEvaluations": {
+              "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.",
+              "type": "array",
+              "items": {
+                "$ref": "#/definitions/PolicyEvaluationResult"
+              }
+            }
+          },
+          "readOnly": true
+        }
+      }
+    },
+    "FieldRestrictions": {
+      "description": "The restrictions that will be placed on a field in the resource by policy.",
+      "properties": {
+        "field": {
+          "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.",
+          "type": "string",
+          "readOnly": true
+        },
+        "restrictions": {
+          "description": "The restrictions placed on that field by policy.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/FieldRestriction"
+          }
+        }
+      }
+    },
+    "FieldRestriction": {
+      "description": "The restrictions on a field imposed by a specific policy.",
+      "properties": {
+        "result": {
+          "description": "The type of restriction that is imposed on the field.",
+          "type": "string",
+          "enum": [
+            "Required",
+            "Removed",
+            "Deny"
+          ],
+          "x-ms-enum": {
+            "name": "FieldRestrictionResult",
+            "modelAsString": true,
+            "values": [
+              {
+                "value": "Required",
+                "description": "The field and/or values are required by policy."
+              },
+              {
+                "value": "Removed",
+                "description": "The field will be removed by policy."
+              },
+              {
+                "value": "Deny",
+                "description": "The field and/or values will be denied by policy."
+              }
+            ]
+          },
+          "readOnly": true
+        },
+        "defaultValue": {
+          "description": "The value that policy will set for the field if the user does not provide a value.",
+          "type": "string",
+          "readOnly": true
+        },
+        "values": {
+          "description": "The values that policy either requires or denies for the field.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "readOnly": true
+        },
+        "policy": {
+          "description": "The details of the policy that is causing the field restriction.",
+          "$ref": "#/definitions/PolicyReference",
+          "readOnly": true
+        }
+      }
+    },
+    "PolicyEvaluationResult": {
+      "description": "The result of a non-compliant policy evaluation against the given resource content.",
+      "properties": {
+        "policyInfo": {
+          "description": "The details of the policy that was evaluated.",
+          "$ref": "#/definitions/PolicyReference",
+          "readOnly": true
+        },
+        "evaluationResult": {
+          "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.",
+          "type": "string",
+          "readOnly": true
+        },
+        "evaluationDetails": {
+          "description": "The detailed results of the policy expressions and values that were evaluated.",
+          "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails",
+          "readOnly": true
+        }
+      }
+    },
+    "PolicyReference": {
+      "description": "Resource identifiers for a policy.",
+      "properties": {
+        "policyDefinitionId": {
+          "description": "The resource identifier of the policy definition.",
+          "type": "string",
+          "readOnly": true
+        },
+        "policySetDefinitionId": {
+          "description": "The resource identifier of the policy set definition.",
+          "type": "string",
+          "readOnly": true
+        },
+        "policyDefinitionReferenceId": {
+          "description": "The reference identifier of a specific policy definition within a policy set definition.",
+          "type": "string",
+          "readOnly": true
+        },
+        "policyAssignmentId": {
+          "description": "The resource identifier of the policy assignment.",
+          "type": "string",
+          "readOnly": true
+        }
+      }
+    }
+  }
+}