diff --git a/.github/workflows/autogenerateBatch0.yml b/.github/workflows/autogenerateBatch0.yml deleted file mode 100644 index 3e3352aa8d..0000000000 --- a/.github/workflows/autogenerateBatch0.yml +++ /dev/null @@ -1,68 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: Autogenerate (Batch 0) - -on: - push: - branches: [ autogenerate ] - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: ubuntu-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Configure Git - run: | - git config user.name "Autogenerator Pipeline" - git config user.email "azure-resource-manager-schemas@noreply.github.com" - - - name: Integrate main branch - run: | - git checkout autogenerate - git pull - git merge --no-commit --no-ff --strategy-option=theirs origin/master --allow-unrelated-histories - if ! git diff-index --quiet HEAD --; then - git commit -m "Merge remote-tracking branch 'origin/master' into autogenerate" - git push origin autogenerate - fi - - - name: Setup Node.js - uses: actions/setup-node@v2.1.2 - with: - node-version: 14.x - - - name: Install packages - run: npm install - working-directory: ./generator - - - name: Generate Schemas - run: | - npm run generate-all '{"batchCount": 4, "batchIndex": 0}' - working-directory: ./generator - - - name: Commit autogenerated schemas - run: | - git add --all schemas - if ! git diff-index --quiet HEAD --; then - git commit -m "Autogenerate schemas" - git push origin autogenerate - fi - - - name: List resources - run: | - npm run list-resources resources.json - - - name: Commit resource list - run: | - git add generator/resources.json - if ! git diff-index --quiet HEAD --; then - git commit -m "Update resource list" - git push origin autogenerate - fi diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 39ee51dbf6..aef13b5dfe 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,7 +2,7 @@ name: CI on: pull_request: - branches: [ master ] + branches: [ main ] jobs: build: runs-on: ubuntu-latest diff --git a/azure-pipelines-autogen.yml b/azure-pipelines-autogen.yml index dfce2fb608..fbdd9c9f18 100644 --- a/azure-pipelines-autogen.yml +++ b/azure-pipelines-autogen.yml @@ -46,12 +46,12 @@ jobs: set -Eeuxo pipefail git checkout $(Build.SourceBranchName) git pull - git merge --no-commit --no-ff --strategy-option=theirs origin/master + git merge --no-commit --no-ff --strategy-option=theirs origin/main if ! git diff-index --quiet HEAD --; then - git commit -m "Merge remote-tracking branch 'origin/master' into $(Build.SourceBranchName)" + git commit -m "Merge remote-tracking branch 'origin/main' into $(Build.SourceBranchName)" git push origin $(Build.SourceBranchName) fi - displayName: Integrate master branch + displayName: Integrate main branch - script: | set -Eeuxo pipefail diff --git a/generator/README.md b/generator/README.md index fd6acf3248..daeda63da0 100644 --- a/generator/README.md +++ b/generator/README.md @@ -28,15 +28,19 @@ View the Pipeline Configuration [here](/azure-pipelines-autogen.yml). #### Merging Pipeline-generated schemas 1. Review the status badge on this page to ensure the latest run was successful. -2. Create a Pull Request from [`autogenerate`](https://github.com/Azure/azure-resource-manager-schemas/tree/autogenerate) to [`master`](https://github.com/Azure/azure-resource-manager-schemas/tree/master). +2. Create a Pull Request from [`autogenerate`](https://github.com/Azure/azure-resource-manager-schemas/tree/autogenerate) to [`main`](https://github.com/Azure/azure-resource-manager-schemas/tree/main). 3. If there are any modifications to [schemas/common/autogeneratedResources.json](/schemas/common/autogeneratedResources.json), push a commit to the autogenerate branch to make any corresponding changes to [schemas/2014-04-01-preview/deploymentTemplate.json](/schemas/2014-04-01-preview/deploymentTemplate.json) and [schemas/2015-01-01/deploymentTemplate.json](/schemas/2015-01-01/deploymentTemplate.json). #### Onboarding to the autogeneration pipeline - -1. Follow the steps listed under [Getting Started](#getting-started). The following commands assume you are running in the `generator` directory. -3. Run `npm run list-basepaths` to discover the specs repo path containing the swagger definitions. -4. Run `npm run generate-single {basePath}` to generate schemas for them. Save the console output to file. -5. Manually remove any existing references to your provider namespace (if any) from [schemas/2019-04-01/deploymentTemplate.json](/schemas/2019-04-01/deploymentTemplate.json). -6. Add the {basePath} to the autogenlist array in [autogenlist.ts](./autogenlist.ts). -7. Commit all the changed files, and submit a PR to this repo with title "Onboarding {provider} for autogeneration". Include the full output saved in step 2 as a comment. -8. Ensure all CI tests pass, and ask the team to review the PR (including tool output) to ensure that all expected resources have been detected and generated as expected. +New resource providers are onboarded for autogeneration by default, so the only providers which have been opted out are listed in [autogenlist.ts](./autogenlist.ts) with `disabledForAutogen` set. + +If your team has been opted out, and you would like to opt in, please raise an issue in this repo, and we will assist. + +> The following steps are no longer necessary for onboarding, but listed here for reference: +> 1. Follow the steps listed under [Getting Started](#getting-started). The following commands assume you are running in the > `generator` directory. +> 3. Run `npm run list-basepaths` to discover the specs repo path containing the swagger definitions. +> 4. Run `npm run generate-single {basePath}` to generate schemas for them. Save the console output to file. +> 5. Manually remove any existing references to your provider namespace (if any) from [schemas/2019-04-01/deploymentTemplate.> json](/schemas/2019-04-01/deploymentTemplate.json). +> 6. Add the {basePath} to the autogenlist array in [autogenlist.ts](./autogenlist.ts). +> 7. Commit all the changed files, and submit a PR to this repo with title "Onboarding {provider} for autogeneration". Include > the full output saved in step 2 as a comment. +> 8. Ensure all CI tests pass, and ask the team to review the PR (including tool output) to ensure that all expected resources > have been detected and generated as expected. diff --git a/generator/autogenlist.ts b/generator/autogenlist.ts index 62088c6679..2b1f7dd7bc 100644 --- a/generator/autogenlist.ts +++ b/generator/autogenlist.ts @@ -8,8 +8,229 @@ import { postProcessor as policyProcessor } from './processors/Microsoft.Authori import { postProcessor as securityInsightsPostProcessor } from './processors/Microsoft.SecurityInsights'; import { lowerCaseEquals } from './utils'; +// New providers are onboarded by default. The providers listed here are the only ones **not** onboarded. +const disabledProviders: AutoGenConfig[] = [ + { + basePath: 'advisor/resource-manager', + namespace: 'Microsoft.Advisor', + disabledForAutogen: true, + }, + { + basePath: 'agrifood/resource-manager', + namespace: 'Microsoft.AgFoodPlatform', + disabledForAutogen: true, + }, + { + basePath: 'azure-kusto/resource-manager', + namespace: 'Microsoft.Kusto', + disabledForAutogen: true, + }, + { + basePath: 'azurestackhci/resource-manager', + namespace: 'Microsoft.AzureStackHCI', + disabledForAutogen: true, + }, + { + basePath: 'baremetalinfrastructure/resource-manager', + namespace: 'Microsoft.BareMetalInfrastructure', + disabledForAutogen: true, + }, + { + basePath: 'cloudshell/resource-manager', + namespace: 'Microsoft.Portal', + disabledForAutogen: true, + }, + { + basePath: 'compute/resource-manager', + namespace: 'Microsoft.Compute', + disabledForAutogen: true, + }, + { + basePath: 'compute/resource-manager', + namespace: 'Microsoft.ContainerService', + disabledForAutogen: true, + }, + { + basePath: 'confidentialledger/resource-manager', + namespace: 'Microsoft.ConfidentialLedger', + disabledForAutogen: true, + }, + { + basePath: 'cost-management/resource-manager', + namespace: 'Microsoft.CostManagement', + disabledForAutogen: true, + }, + { + basePath: 'cpim/resource-manager', + namespace: 'Microsoft.AzureActiveDirectory', + disabledForAutogen: true, + }, + { + basePath: 'dataprotection/resource-manager', + namespace: 'Microsoft.DataProtection', + disabledForAutogen: true, + }, + { + // Disabled as the swagger spec contains a type ("DateTimeRfc1123") which autorest is unable to parse: https://github.com/Azure/autorest.azureresourceschema/issues/71 + basePath: 'domainservices/resource-manager', + namespace: 'Microsoft.AAD', + disabledForAutogen: true, + }, + { + basePath: 'dfp/resource-manager', + namespace: 'Microsoft.Dynamics365Fraudprotection', + disabledForAutogen: true, + }, + { + basePath: 'dnc/resource-manager', + namespace: 'Microsoft.DelegatedNetwork', + disabledForAutogen: true, + }, + { + basePath: 'dns/resource-manager', + namespace: 'Microsoft.Network', + disabledForAutogen: true, + }, + { + basePath: 'edgeorder/resource-manager', + namespace: 'Microsoft.EdgeOrder', + disabledForAutogen: true, + }, + { + basePath: 'edgeorderpartner/resource-manager', + namespace: 'Microsoft.EdgeOrderPartner', + disabledForAutogen: true, + }, + { + basePath: 'extendedlocation/resource-manager', + namespace: 'Microsoft.ExtendedLocation', + disabledForAutogen: true, + }, + { + basePath: 'fluidrelay/resource-manager', + namespace: 'Microsoft.FluidRelay', + disabledForAutogen: true, + }, + { + basePath: 'iotsecurity/resource-manager', + namespace: 'Microsoft.IoTSecurity', + disabledForAutogen: true, + }, + { + basePath: 'logic/resource-manager', + namespace: 'Microsoft.Logic', + disabledForAutogen: true, + }, + { + basePath: 'm365securityandcompliance/resource-manager', + namespace: 'Microsoft.M365SecurityAndCompliance', + disabledForAutogen: true, + }, + { + basePath: 'managedservices/resource-manager', + namespace: 'Microsoft.ManagedServices', + disabledForAutogen: true, + }, + { + basePath: 'marketplacenotifications/resource-manager', + namespace: 'Microsoft.MarketplaceNotifications', + disabledForAutogen: true, + }, + { + basePath: 'marketplaceordering/resource-manager', + namespace: 'Microsoft.MarketplaceOrdering', + disabledForAutogen: true, + }, + { + basePath: 'mediaservices/resource-manager', + namespace: 'Microsoft.Media', + disabledForAutogen: true, + }, + { + basePath: 'msi/resource-manager', + namespace: 'Microsoft.ManagedIdentity', + disabledForAutogen: true, + }, + { + basePath: 'network/resource-manager', + namespace: 'Microsoft.Network', + disabledForAutogen: true, + }, + { + basePath: 'operationsmanagement/resource-manager', + namespace: 'Microsoft.OperationsManagement', + disabledForAutogen: true, + }, + { + basePath: 'privatedns/resource-manager', + namespace: 'Microsoft.Network', + disabledForAutogen: true, + }, + { + basePath: 'providerhub/resource-manager', + namespace: 'Microsoft.ProviderHub', + disabledForAutogen: true, + }, + { + basePath: 'purview/resource-manager', + namespace: 'Microsoft.Purview', + disabledForAutogen: true, + }, + { + basePath: 'quota/resource-manager', + namespace: 'Microsoft.Quota', + disabledForAutogen: true, + }, + { + basePath: 'resources/resource-manager', + namespace: 'Microsoft.Features', + disabledForAutogen: true, + }, + { + basePath: 'resources/resource-manager', + namespace: 'Microsoft.Solutions', + disabledForAutogen: true, + }, + { + basePath: 'securityandcompliance/resource-manager', + namespace: 'Microsoft.SecurityAndCompliance', + disabledForAutogen: true, + }, + { + basePath: 'service-map/resource-manager', + namespace: 'Microsoft.OperationalInsights', + disabledForAutogen: true, + }, + { + basePath: 'servicefabricmanagedclusters/resource-manager', + namespace: 'Microsoft.ServiceFabricManagedClusters', + disabledForAutogen: true, + }, + { + basePath: 'testbase/resource-manager', + namespace: 'Microsoft.TestBase', + disabledForAutogen: true, + }, + { + basePath: 'trafficmanager/resource-manager', + namespace: 'Microsoft.Network', + disabledForAutogen: true, + }, + { + basePath: 'videoanalyzer/resource-manager', + namespace: 'Microsoft.Media', + disabledForAutogen: true, + }, + { + basePath: 'webpubsub/resource-manager', + namespace: 'Microsoft.SignalRService', + disabledForAutogen: true, + }, +]; + // Run "npm run list-basepaths" to discover all the valid readme files to add to this list const autoGenList: AutoGenConfig[] = [ + ...disabledProviders, { basePath: 'addons/resource-manager', namespace: 'Microsoft.Addons', @@ -268,10 +489,6 @@ const autoGenList: AutoGenConfig[] = [ basePath: 'EnterpriseKnowledgeGraph/resource-manager', namespace: 'Microsoft.EnterpriseKnowledgeGraph', }, - /*{ NOTE(jcotillo): Temporally removing this RP - latest swagger contains an unsupported type by the schema generator tool - basePath: 'domainservices/resource-manager', - namespace: 'Microsoft.AAD', - },*/ { basePath: 'eventhub/resource-manager', namespace: 'Microsoft.EventHub', @@ -827,13 +1044,25 @@ const autoGenList: AutoGenConfig[] = [ { basePath: 'deviceupdate/resource-manager', namespace: 'Microsoft.DeviceUpdate', - } + }, ]; -export function getAutoGenList(): AutoGenConfig[] { - return autoGenList; -} - export function findAutogenEntries(basePath: string): AutoGenConfig[] { return autoGenList.filter(w => lowerCaseEquals(w.basePath, basePath)); } + +export function findOrGenerateAutogenEntries(basePath: string, namespaces: string[]): AutoGenConfig[] { + const entries = findAutogenEntries(basePath).filter(e => namespaces.some(ns => lowerCaseEquals(e.namespace, ns))); + + for (const namespace of namespaces) { + if (!entries.some(e => lowerCaseEquals(e.namespace, namespace))) { + // Generate configuration for any RPs not explicitly declared in the autogen list + entries.push({ + basePath, + namespace, + }); + } + } + + return entries; +} \ No newline at end of file diff --git a/generator/cmd/findbasepath.ts b/generator/cmd/findbasepath.ts index aa1f0081c5..b0a8ae3a4f 100644 --- a/generator/cmd/findbasepath.ts +++ b/generator/cmd/findbasepath.ts @@ -17,7 +17,7 @@ executeSynchronous(async () => { const autoGenEntries = findAutogenEntries(basePath); - if (autoGenEntries.length === 0) { + if (autoGenEntries[0]?.disabledForAutogen === true) { // not onboarded in autogeneration console.log("false"); return; diff --git a/generator/cmd/generateall.ts b/generator/cmd/generateall.ts index 3960606ec0..28a8fe13a2 100644 --- a/generator/cmd/generateall.ts +++ b/generator/cmd/generateall.ts @@ -1,11 +1,11 @@ import * as constants from '../constants'; -import { cloneAndGenerateBasePaths, getPackageString, resolveAbsolutePath, validateAndReturnReadmePath } from '../specs'; -import { SchemaConfiguration, generateSchemas, clearAutoGeneratedSchemaRefs, saveAutoGeneratedSchemaRefs } from '../generate'; -import { getAutoGenList } from '../autogenlist'; +import { cloneAndGenerateBasePaths, generateBasePaths, getPackageString, resolveAbsolutePath, validateAndReturnReadmePath } from '../specs'; +import { SchemaConfiguration, generateSchemas, clearAutoGeneratedSchemaRefs, saveAutoGeneratedSchemaRefs, getApiVersionsByNamespace } from '../generate'; +import { findOrGenerateAutogenEntries } from '../autogenlist'; import chalk from 'chalk'; -import { flatten } from 'lodash'; -import { executeSynchronous, chunker, writeJsonFile } from '../utils'; -import { Package } from '../models'; +import { flatten, keys, partition } from 'lodash'; +import { executeSynchronous, chunker, writeJsonFile, lowerCaseEquals } from '../utils'; +import { AutoGenConfig, Package } from '../models'; interface GenerateAllParams { batchCount?: number, @@ -26,56 +26,67 @@ function parseParams(): GenerateAllParams { executeSynchronous(async () => { const params = parseParams(); - let filteredAutoGenList = getAutoGenList(); - if (params.batchCount !== undefined && params.batchIndex !== undefined) { - filteredAutoGenList = chunker(filteredAutoGenList, params.batchCount)[params.batchIndex]; - } - + let basePaths; let localPath = params.localPath; if (!localPath) { localPath = constants.specsRepoPath; - await cloneAndGenerateBasePaths(localPath, constants.specsRepoUri, constants.specsRepoCommitHash); + basePaths = await cloneAndGenerateBasePaths(localPath, constants.specsRepoUri, constants.specsRepoCommitHash); } else { localPath = await resolveAbsolutePath(localPath); + basePaths = await generateBasePaths(localPath); } - if (!!params.readmeFiles) { - filteredAutoGenList = filteredAutoGenList.filter(c => { - let r = params.readmeFiles?.find(f => f.startsWith('specification/' + c.basePath)); - if (!!r) { - c.readmeFile = r; - return true; - } - return false; - } - ); + if (params.batchCount !== undefined && params.batchIndex !== undefined) { + basePaths = chunker(basePaths, params.batchCount)[params.batchIndex]; } - await clearAutoGeneratedSchemaRefs(filteredAutoGenList); - const schemaConfigs: SchemaConfiguration[] = []; const errors = []; const packages: Package[] = []; - for (const autoGenConfig of filteredAutoGenList) { - let pkg = { - path: ['schemas'] - } as Package; - try { - const readme = await validateAndReturnReadmePath(localPath, autoGenConfig.readmeFile || autoGenConfig.basePath); - pkg.packageName = getPackageString(readme); - - const newConfigs = await generateSchemas(readme, autoGenConfig); - schemaConfigs.push(...newConfigs); - pkg.result = 'succeeded'; - } catch(error) { - pkg.packageName = autoGenConfig.basePath; - pkg.result = 'failed'; - console.log(chalk.red(`Caught exception processing autogenlist entry ${autoGenConfig.basePath}.`)); - console.log(chalk.red(error)); - - errors.push(error); + + for (const basePath of basePaths) { + const readme = await validateAndReturnReadmePath(localPath, basePath); + const namespaces = keys(await getApiVersionsByNamespace(readme)); + let filteredAutoGenList = findOrGenerateAutogenEntries(basePath, namespaces); + + if (!!params.readmeFiles) { + filteredAutoGenList = filteredAutoGenList.filter(c => { + let r = params.readmeFiles?.find(f => f.startsWith('specification/' + c.basePath)); + if (!!r) { + c.readmeFile = r; + return true; + } + return false; + }); + } + + await clearAutoGeneratedSchemaRefs(filteredAutoGenList); + + for (const autoGenConfig of filteredAutoGenList) { + if (autoGenConfig.disabledForAutogen === true) { + continue; + } + + let pkg = { + path: ['schemas'] + } as Package; + try { + const readme = await validateAndReturnReadmePath(localPath, autoGenConfig.readmeFile || autoGenConfig.basePath); + pkg.packageName = getPackageString(readme); + + const newConfigs = await generateSchemas(readme, autoGenConfig); + schemaConfigs.push(...newConfigs); + pkg.result = 'succeeded'; + } catch(error) { + pkg.packageName = autoGenConfig.basePath; + pkg.result = 'failed'; + console.log(chalk.red(`Caught exception processing autogenlist entry ${autoGenConfig.basePath}.`)); + console.log(chalk.red(error)); + + errors.push(error); + } + packages.push(pkg); } - packages.push(pkg); } await saveAutoGeneratedSchemaRefs(flatten(schemaConfigs)); @@ -89,4 +100,4 @@ executeSynchronous(async () => { } } -}); \ No newline at end of file +}); diff --git a/generator/cmd/generateonboardedreport.ts b/generator/cmd/generateonboardedreport.ts index e6e996f7f9..f5b99ae948 100644 --- a/generator/cmd/generateonboardedreport.ts +++ b/generator/cmd/generateonboardedreport.ts @@ -1,7 +1,7 @@ import * as constants from '../constants'; import { cloneAndGenerateBasePaths, validateAndReturnReadmePath } from '../specs'; import chalk from 'chalk'; -import { findAutogenEntries } from '../autogenlist'; +import { findOrGenerateAutogenEntries } from '../autogenlist'; import { executeSynchronous, lowerCaseEquals, writeJsonFile, safeMkdir } from '../utils'; import { getApiVersionsByNamespace } from '../generate'; import { keys, partition } from 'lodash'; @@ -15,11 +15,11 @@ executeSynchronous(async () => { for (const basePath of basePaths) { const readme = await validateAndReturnReadmePath(constants.specsRepoPath, basePath); const namespaces = keys(await getApiVersionsByNamespace(readme)); - const autogenlistEntries = findAutogenEntries(basePath); + const autogenlistEntries = findOrGenerateAutogenEntries(basePath, namespaces); - const [autogened, unautogened] = partition( - namespaces, - n => autogenlistEntries.findIndex(w => lowerCaseEquals(w.namespace, n)) > -1); + const [unautogened, autogened] = partition( + autogenlistEntries, + e => e.disabledForAutogen === true); if (unautogened.length > 0 && autogened.length > 0) { // For partial autogeneration only, add two items @@ -28,7 +28,7 @@ executeSynchronous(async () => { allBasePaths.push({ 'basePath': basePath, 'onboardedToAutogen': 'no', - 'missing': unautogened, + 'missing': unautogened.map(x => x.namespace), 'onboarded': [] }); @@ -36,7 +36,7 @@ executeSynchronous(async () => { 'basePath': basePath, 'onboardedToAutogen': 'yes', 'missing': [], - 'onboarded': autogened + 'onboarded': autogened.map(x => x.namespace) }); } else { @@ -44,7 +44,7 @@ executeSynchronous(async () => { allBasePaths.push({ 'basePath': basePath, 'onboardedToAutogen': unautogened.length === 0 ? 'yes' : 'no', - 'missing': unautogened, + 'missing': unautogened.map(x => x.namespace), 'onboarded': [] }); } diff --git a/generator/cmd/generatesingle.ts b/generator/cmd/generatesingle.ts index 0872581b74..6e63604dc7 100644 --- a/generator/cmd/generatesingle.ts +++ b/generator/cmd/generatesingle.ts @@ -1,9 +1,10 @@ import * as constants from '../constants'; -import { cloneAndGenerateBasePaths, resolveAbsolutePath, validateAndReturnReadmePath, getPackageString } from '../specs'; -import { generateSchemas, saveAutoGeneratedSchemaRefs } from '../generate'; +import { cloneAndGenerateBasePaths, resolveAbsolutePath, validateAndReturnReadmePath } from '../specs'; +import { generateSchemas, saveAutoGeneratedSchemaRefs, getApiVersionsByNamespace } from '../generate'; import process from 'process'; -import { findAutogenEntries } from '../autogenlist'; +import { findOrGenerateAutogenEntries } from '../autogenlist'; import chalk from 'chalk'; +import { keys } from 'lodash'; import { executeSynchronous } from '../utils'; executeSynchronous(async () => { @@ -24,19 +25,21 @@ executeSynchronous(async () => { } const schemaConfigs = []; - const autoGenEntries = findAutogenEntries(basePath); + const namespaces = keys(await getApiVersionsByNamespace(readme)); + const autoGenEntries = findOrGenerateAutogenEntries(basePath, namespaces); - if (autoGenEntries.length === 0) { - const localSchemaConfigs = await generateSchemas(readme); - schemaConfigs.push(...localSchemaConfigs); - } else { - for (const autoGenConfig of autoGenEntries) { - console.log(`Using autogenlist config:`) - console.log(chalk.green(JSON.stringify(autoGenConfig, null, 2))); - - const localSchemaConfigs = await generateSchemas(readme, autoGenConfig); - schemaConfigs.push(...localSchemaConfigs); + for (const autoGenConfig of autoGenEntries) { + if (autoGenConfig.disabledForAutogen === true) { + console.log(`Path ${autoGenConfig.basePath} has been disabled for generation:`) + console.log(chalk.red(JSON.stringify(autoGenConfig, null, 2))); + continue; } + + console.log(`Using autogenlist config:`) + console.log(chalk.green(JSON.stringify(autoGenConfig, null, 2))); + + const localSchemaConfigs = await generateSchemas(readme, autoGenConfig); + schemaConfigs.push(...localSchemaConfigs); } await saveAutoGeneratedSchemaRefs(schemaConfigs); diff --git a/generator/cmd/listbasepaths.ts b/generator/cmd/listbasepaths.ts index 06ae8ac749..18e5e93a4e 100644 --- a/generator/cmd/listbasepaths.ts +++ b/generator/cmd/listbasepaths.ts @@ -1,7 +1,7 @@ import * as constants from '../constants'; import { cloneAndGenerateBasePaths, validateAndReturnReadmePath } from '../specs'; import chalk from 'chalk'; -import { findAutogenEntries } from '../autogenlist'; +import { findOrGenerateAutogenEntries } from '../autogenlist'; import { executeSynchronous, lowerCaseEquals } from '../utils'; import { getApiVersionsByNamespace } from '../generate'; import { keys, partition } from 'lodash'; @@ -12,18 +12,18 @@ executeSynchronous(async () => { for (const basePath of basePaths) { const readme = await validateAndReturnReadmePath(constants.specsRepoPath, basePath); const namespaces = keys(await getApiVersionsByNamespace(readme)); - const autogenlistEntries = findAutogenEntries(basePath); + const autogenlistEntries = findOrGenerateAutogenEntries(basePath, namespaces); - const [autogened, unautogened] = partition( - namespaces, - n => autogenlistEntries.findIndex(w => lowerCaseEquals(w.namespace, n)) > -1); + const [unautogened, autogened] = partition( + autogenlistEntries, + e => e.disabledForAutogen === true); if (unautogened.length === 0) { - console.log(`Discovered '${chalk.green(basePath)}'. autogened for auto-generation: ${chalk.green('yes')}.`); + console.log(`Discovered '${chalk.green(basePath)}'. enabled for auto-generation: ${chalk.green('yes')}.`); } else if (autogened.length > 0) { - console.log(`Discovered '${chalk.green(basePath)}'. autogened for auto-generation: ${chalk.yellow('partial')}. Missing: ${unautogened.map(p => chalk.yellow(p)).join(', ')}.`); + console.log(`Discovered '${chalk.green(basePath)}'. enabled for auto-generation: ${chalk.yellow('partial')}. Missing: ${unautogened.map(p => chalk.yellow(p.namespace)).join(', ')}.`); } else { - console.log(`Discovered '${chalk.green(basePath)}'. autogened for auto-generation: ${chalk.red('no')}. Missing: ${unautogened.map(p => chalk.yellow(p)).join(', ')}.`); + console.log(`Discovered '${chalk.green(basePath)}'. enabled for auto-generation: ${chalk.red('no')}. Missing: ${unautogened.map(p => chalk.yellow(p.namespace)).join(', ')}.`); } } }); \ No newline at end of file diff --git a/generator/constants.ts b/generator/constants.ts index cd7d9feedf..5bc18cb8b8 100644 --- a/generator/constants.ts +++ b/generator/constants.ts @@ -34,23 +34,12 @@ export const generatedSchemasTemplatePath = path.join(__dirname, 'resources/auto export const autorestCoreVersion = '3.0.6374'; export const azureresourceschemaVersion = '3.0.92'; -// paths in this list won't even appear in list-basepaths -export const blocklist = [ +// paths in this list won't even appear in list-basepaths. +// This list should only contain spec paths that should DEFINITELY be excluded from generation. +// For now - that should just be Azure Stack providers, and deprecated providers. +export const excludedBasePathPrefixes = [ /* Azure Stack resource providers */ - 'azsadmin/resource-manager/azurebridge', - 'azsadmin/resource-manager/backup', - 'azsadmin/resource-manager/commerce', - 'azsadmin/resource-manager/compute', - 'azsadmin/resource-manager/deployment', - 'azsadmin/resource-manager/fabric', - 'azsadmin/resource-manager/gallery', - 'azsadmin/resource-manager/infrastructureinsights', - 'azsadmin/resource-manager/keyvault', - 'azsadmin/resource-manager/network', - 'azsadmin/resource-manager/storage', - 'azsadmin/resource-manager/subscriptions', - 'azsadmin/resource-manager/update', - 'azsadmin/resource-manager/user-subscriptions', + 'azsadmin/', /* Microsoft.CustomerInsights is deprecated */ - 'customer-insights/resource-manager', + 'customer-insights/', ]; diff --git a/generator/models.ts b/generator/models.ts index 880c410b26..0616196a5a 100644 --- a/generator/models.ts +++ b/generator/models.ts @@ -9,6 +9,7 @@ export enum ScopeType { } export interface AutoGenConfig { + disabledForAutogen?: true, basePath: string, namespace: string, readmeFile?: string, diff --git a/generator/package-lock.json b/generator/package-lock.json index 1257ead1d4..866290a260 100644 --- a/generator/package-lock.json +++ b/generator/package-lock.json @@ -5,18 +5,18 @@ "requires": true, "dependencies": { "@autorest/azureresourceschema": { - "version": "3.0.98", - "resolved": "https://registry.npmjs.org/@autorest/azureresourceschema/-/azureresourceschema-3.0.98.tgz", - "integrity": "sha512-3RlRUiJ7b3h2I0n89JxaBgOCyaOyzNvRR/229aFcYolkuqSG447r1g4fFhJ8r7Ao692s5yNdg5CiggufjrELVg==", + "version": "3.0.103", + "resolved": "https://registry.npmjs.org/@autorest/azureresourceschema/-/azureresourceschema-3.0.103.tgz", + "integrity": "sha512-3WnJfuk3WxDjuJEcnrm+AkAGzRt88IAdEyGq3K4diAyrX3fAw5GVZwJ5iRjpRzRNAkV2I1UTce3CxDnYlIROTg==", "dev": true, "requires": { "dotnet-2.0.0": "^1.4.4" } }, "@autorest/core": { - "version": "3.2.4", - "resolved": "https://registry.npmjs.org/@autorest/core/-/core-3.2.4.tgz", - "integrity": "sha512-epE2iPKoXeT2BryMqeY7uXU4Y/FVLzppUxWlJZM1Q+2ixDb/HyU/6QFBQMPofVJJb1bJGFC/4uW0IFUlSuSt1g==", + "version": "3.5.1", + "resolved": "https://registry.npmjs.org/@autorest/core/-/core-3.5.1.tgz", + "integrity": "sha512-RhTe1Uvi5YMAXd16UWLBwNkt0vjjP8SBPzv5AVubh4Tnj7ijF8AzI8OI7McztcnKMn1JQQw+ArRhgkweJXLqKw==", "dev": true }, "@ts-common/commonmark-to-markdown": { @@ -37,10 +37,34 @@ "integrity": "sha512-pP7Ee7c54XiLyD2twIQtUGId4ln3w/HxBT207Aq+n4RMq7lGqHt97zKBYlsGawPTuF2z2ZoYiC9l1Wx2lMVpRA==", "dev": true }, + "@tsconfig/node10": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.8.tgz", + "integrity": "sha512-6XFfSQmMgq0CFLY1MslA/CPUfhIL919M1rMsa5lP2P097N2Wd1sSX0tx1u4olM16fLNhtHZpRhedZJphNJqmZg==", + "dev": true + }, + "@tsconfig/node12": { + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.9.tgz", + "integrity": "sha512-/yBMcem+fbvhSREH+s14YJi18sp7J9jpuhYByADT2rypfajMZZN4WQ6zBGgBKp53NKmqI36wFYDb3yaMPurITw==", + "dev": true + }, + "@tsconfig/node14": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.1.tgz", + "integrity": "sha512-509r2+yARFfHHE7T6Puu2jjkoycftovhXRqW328PDXTVGKihlb1P8Z9mMZH04ebyajfRY7dedfGynlrFHJUQCg==", + "dev": true + }, + "@tsconfig/node16": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.2.tgz", + "integrity": "sha512-eZxlbI8GZscaGS7kkc/trHTT5xgrjH3/1n2JDwusC9iahPKWMRvRjJSAN5mCXviuTGQ/lHnhvv8Q1YTpnfz9gA==", + "dev": true + }, "@types/async": { - "version": "3.2.6", - "resolved": "https://registry.npmjs.org/@types/async/-/async-3.2.6.tgz", - "integrity": "sha512-ZkrXnZLC1mc4b9QLKaSrsxV4oxTRs10OI2kgSApT8G0v1jrmqppSHUVQ15kLorzsFBTjvf7OKF4kAibuuNQ+xA==", + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/@types/async/-/async-3.2.7.tgz", + "integrity": "sha512-a+MBBfOTs3ShFMlbH9qsRVFkjIUunEtxrBT0gxRx1cntjKRg2WApuGmNYzHkwKaIhMi3SMbKktaD/rLObQMwIw==", "dev": true }, "@types/commonmark": { @@ -50,21 +74,21 @@ "dev": true }, "@types/js-yaml": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.0.tgz", - "integrity": "sha512-4vlpCM5KPCL5CfGmTbpjwVKbISRYhduEJvvUWsH5EB7QInhEj94XPZ3ts/9FPiLZFqYO0xoW4ZL8z2AabTGgJA==", + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.2.tgz", + "integrity": "sha512-KbeHS/Y4R+k+5sWXEYzAZKuB1yQlZtEghuhRxrVRLaqhtoG5+26JwQsa4HyS3AWX8v1Uwukma5HheduUDskasA==", "dev": true }, "@types/lodash": { - "version": "4.14.168", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.168.tgz", - "integrity": "sha512-oVfRvqHV/V6D1yifJbVRU3TMp8OT6o6BG+U9MkwuJ3U8/CsDHvalRpsxBqivn71ztOFZBTfJMvETbqHiaNSj7Q==", + "version": "4.14.172", + "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.172.tgz", + "integrity": "sha512-/BHF5HAx3em7/KkzVKm3LrsD6HZAXuXO1AJZQ3cRRBZj4oHZDviWPYu0aEplAqDFNHZPW6d3G7KN+ONcCCC7pw==", "dev": true }, "@types/node": { - "version": "14.14.37", - "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.37.tgz", - "integrity": "sha512-XYmBiy+ohOR4Lh5jE379fV2IU+6Jn4g5qASinhitfyO71b/sCo6MKsMLF5tc7Zf2CE8hViVQyYSobJNke8OvUw==", + "version": "16.4.11", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.4.11.tgz", + "integrity": "sha512-nWSFUbuNiPKJEe1IViuodSI+9cM+vpM8SWF/O6dJK7wmGRNq55U7XavJHrlRrPkSMuUZUFzg1xaZ1B+ZZCrRWw==", "dev": true }, "ansi-styles": { @@ -98,21 +122,21 @@ "dev": true }, "autorest": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/autorest/-/autorest-3.1.4.tgz", - "integrity": "sha512-boUNGamevGtvb7JSnvumZn0omxcKagfIaxpHA8VylhwM4yQo37e+QGDty6Gw00D3WZnJLZsXEacfWsaqrayUVA==", + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/autorest/-/autorest-3.3.2.tgz", + "integrity": "sha512-Tj2Jyz57tMt/KIJK3NaQI13hzUBXZ3N9OmkVZfLU2vrYh1SEaxvdWCLkwWt883E5YlzasRXdbSkrMz86lzHnPA==", "dev": true }, "buffer-from": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", - "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", "dev": true }, "chalk": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz", - "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==", + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dev": true, "requires": { "ansi-styles": "^4.1.0", @@ -183,6 +207,18 @@ "dev": true, "requires": { "js-yaml": "^3.13.1" + }, + "dependencies": { + "js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dev": true, + "requires": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + } + } } }, "has-flag": { @@ -192,13 +228,20 @@ "dev": true }, "js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", "dev": true, "requires": { - "argparse": "^1.0.7", - "esprima": "^4.0.0" + "argparse": "^2.0.1" + }, + "dependencies": { + "argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + } } }, "lodash": { @@ -263,11 +306,15 @@ } }, "ts-node": { - "version": "9.1.1", - "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-9.1.1.tgz", - "integrity": "sha512-hPlt7ZACERQGf03M253ytLY3dHbGNGrAq9qIHWUY9XHYl1z7wYngSr3OQ5xmui8o2AaxsONxIzjafLUiWBo1Fg==", + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.1.0.tgz", + "integrity": "sha512-6szn3+J9WyG2hE+5W8e0ruZrzyk1uFLYye6IGMBadnOzDh8aP7t8CbFpsfCiEx2+wMixAhjFt7lOZC4+l+WbEA==", "dev": true, "requires": { + "@tsconfig/node10": "^1.0.7", + "@tsconfig/node12": "^1.0.7", + "@tsconfig/node14": "^1.0.0", + "@tsconfig/node16": "^1.0.1", "arg": "^4.1.0", "create-require": "^1.1.0", "diff": "^4.0.1", @@ -277,9 +324,9 @@ } }, "typescript": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.2.3.tgz", - "integrity": "sha512-qOcYwxaByStAWrBf4x0fibwZvMRG+r4cQoTjbPtUlrWjBHbmCAww1i448U0GJ+3cNNEtebDteo/cHOR3xJ4wEw==", + "version": "4.3.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.3.5.tgz", + "integrity": "sha512-DqQgihaQ9cUrskJo9kIyW/+g0Vxsk8cDtZ52a3NGh0YNTfpUSArXSohyUGnvbPazEPLu398C0UxmKSOrPumUzA==", "dev": true }, "yn": { diff --git a/generator/package.json b/generator/package.json index ca0e0fff01..8960039421 100644 --- a/generator/package.json +++ b/generator/package.json @@ -1,5 +1,5 @@ { - "$schema": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/documentation/sdkautomation/SwaggerToSdkConfigSchema.json", + "$schema": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/main/documentation/sdkautomation/SwaggerToSdkConfigSchema.json", "name": "azure-schema-generator", "private": true, "version": "1.0.0", @@ -18,19 +18,19 @@ "start": "npm run clean && npm run generate-all" }, "devDependencies": { - "@autorest/azureresourceschema": "^3.0.98", - "@autorest/core": "^3.0.6374", + "@autorest/azureresourceschema": "^3.0.103", + "@autorest/core": "^3.5.1", "@ts-common/commonmark-to-markdown": "^2.0.0", - "@types/async": "^3.2.5", - "@types/js-yaml": "^4.0.0", - "@types/lodash": "^4.14.168", - "@types/node": "^14.14.25", + "@types/async": "^3.2.7", + "@types/js-yaml": "^4.0.2", + "@types/lodash": "^4.14.172", + "@types/node": "^16.4.11", "async": "^3.2.0", - "autorest": "^3.0.6339", - "chalk": "^4.0.0", - "js-yaml": "^3.14.1", + "autorest": "^3.3.2", + "chalk": "^4.1.2", + "js-yaml": "^4.1.0", "lodash": "^4.17.19", - "ts-node": "^9.1.1", - "typescript": "^4.1.5" + "ts-node": "^10.1.0", + "typescript": "^4.3.5" } } diff --git a/generator/processors/Microsoft.Insights.Application.ts b/generator/processors/Microsoft.Insights.Application.ts index e9111d5a0e..8bd94a65c4 100644 --- a/generator/processors/Microsoft.Insights.Application.ts +++ b/generator/processors/Microsoft.Insights.Application.ts @@ -3,7 +3,7 @@ import { SchemaPostProcessor } from '../models'; export const postProcessor: SchemaPostProcessor = (namespace: string, apiVersion: string, schema: any) => { // this shouldn't be a resource definition, and it causes Export failures as it contains duplicate properties "Type" and "type" const resources = Object.values(schema.resourceDefinitions || {}); - console.log(resources); + for (const resource of resources) { if (resource?.properties['Type'] && resource?.properties['type']) { delete resource.properties['Type']; diff --git a/generator/resources.json b/generator/resources.json index 2f0175e1b3..b62dd3c784 100644 --- a/generator/resources.json +++ b/generator/resources.json @@ -731,11 +731,16 @@ ], "Microsoft.Authorization/accessReviewScheduleDefinitions": [ "2018-05-01-preview", - "2021-03-01-preview" + "2021-03-01-preview", + "2021-07-01-preview" + ], + "Microsoft.Authorization/accessReviewScheduleDefinitions/instances": [ + "2021-07-01-preview" ], "Microsoft.Authorization/accessReviewScheduleSettings": [ "2018-05-01-preview", - "2021-03-01-preview" + "2021-03-01-preview", + "2021-07-01-preview" ], "Microsoft.Authorization/locks": [ "2015-01-01", @@ -1211,17 +1216,20 @@ "Microsoft.Cache/redisEnterprise": [ "2020-10-01-preview", "2021-02-01-preview", - "2021-03-01" + "2021-03-01", + "2021-08-01" ], "Microsoft.Cache/redisEnterprise/databases": [ "2020-10-01-preview", "2021-02-01-preview", - "2021-03-01" + "2021-03-01", + "2021-08-01" ], "Microsoft.Cache/redisEnterprise/privateEndpointConnections": [ "2020-10-01-preview", "2021-02-01-preview", - "2021-03-01" + "2021-03-01", + "2021-08-01" ], "Microsoft.Capacity/autoQuotaIncrease": [ "2019-07-19-preview" @@ -1697,7 +1705,8 @@ "2020-12-01", "2021-02-01", "2021-03-01", - "2021-05-01" + "2021-05-01", + "2021-07-01" ], "Microsoft.ContainerService/managedClusters/agentPools": [ "2019-02-01", @@ -1717,13 +1726,15 @@ "2020-12-01", "2021-02-01", "2021-03-01", - "2021-05-01" + "2021-05-01", + "2021-07-01" ], "Microsoft.ContainerService/managedClusters/maintenanceConfigurations": [ "2020-12-01", "2021-02-01", "2021-03-01", - "2021-05-01" + "2021-05-01", + "2021-07-01" ], "Microsoft.ContainerService/managedClusters/privateEndpointConnections": [ "2020-06-01", @@ -1733,7 +1744,8 @@ "2020-12-01", "2021-02-01", "2021-03-01", - "2021-05-01" + "2021-05-01", + "2021-07-01" ], "Microsoft.ContainerService/openShiftManagedClusters": [ "2018-09-30-preview", @@ -3434,10 +3446,12 @@ ], "Microsoft.KeyVault/managedHSMs": [ "2020-04-01-preview", - "2021-04-01-preview" + "2021-04-01-preview", + "2021-06-01-preview" ], "Microsoft.KeyVault/managedHSMs/privateEndpointConnections": [ - "2021-04-01-preview" + "2021-04-01-preview", + "2021-06-01-preview" ], "Microsoft.KeyVault/vaults": [ "2015-06-01", @@ -3446,7 +3460,8 @@ "2018-02-14-preview", "2019-09-01", "2020-04-01-preview", - "2021-04-01-preview" + "2021-04-01-preview", + "2021-06-01-preview" ], "Microsoft.KeyVault/vaults/accessPolicies": [ "2016-10-01", @@ -3454,18 +3469,21 @@ "2018-02-14-preview", "2019-09-01", "2020-04-01-preview", - "2021-04-01-preview" + "2021-04-01-preview", + "2021-06-01-preview" ], "Microsoft.KeyVault/vaults/keys": [ "2019-09-01", "2020-04-01-preview", - "2021-04-01-preview" + "2021-04-01-preview", + "2021-06-01-preview" ], "Microsoft.KeyVault/vaults/privateEndpointConnections": [ "2018-02-14", "2019-09-01", "2020-04-01-preview", - "2021-04-01-preview" + "2021-04-01-preview", + "2021-06-01-preview" ], "Microsoft.KeyVault/vaults/secrets": [ "2016-10-01", @@ -3473,7 +3491,8 @@ "2018-02-14-preview", "2019-09-01", "2020-04-01-preview", - "2021-04-01-preview" + "2021-04-01-preview", + "2021-06-01-preview" ], "Microsoft.Kubernetes/connectedClusters": [ "2020-01-01-preview", @@ -3594,6 +3613,21 @@ "2016-10-01", "2017-07-01" ], + "Microsoft.Logz/monitors": [ + "2020-10-01-preview" + ], + "Microsoft.Logz/monitors/accounts": [ + "2020-10-01-preview" + ], + "Microsoft.Logz/monitors/accounts/tagRules": [ + "2020-10-01-preview" + ], + "Microsoft.Logz/monitors/singleSignOnConfigurations": [ + "2020-10-01-preview" + ], + "Microsoft.Logz/monitors/tagRules": [ + "2020-10-01-preview" + ], "Microsoft.MachineLearning/commitmentPlans": [ "2016-05-01-preview" ], @@ -3635,7 +3669,8 @@ "2020-09-01-preview", "2021-01-01", "2021-03-01-preview", - "2021-04-01" + "2021-04-01", + "2021-07-01" ], "Microsoft.MachineLearningServices/workspaces/batchEndpoints": [ "2021-03-01-preview" @@ -3666,7 +3701,8 @@ "2020-09-01-preview", "2021-01-01", "2021-03-01-preview", - "2021-04-01" + "2021-04-01", + "2021-07-01" ], "Microsoft.MachineLearningServices/workspaces/connections": [ "2020-06-01", @@ -3674,7 +3710,8 @@ "2020-09-01-preview", "2021-01-01", "2021-03-01-preview", - "2021-04-01" + "2021-04-01", + "2021-07-01" ], "Microsoft.MachineLearningServices/workspaces/data": [ "2021-03-01-preview" @@ -3733,7 +3770,8 @@ "2020-09-01-preview", "2021-01-01", "2021-03-01-preview", - "2021-04-01" + "2021-04-01", + "2021-07-01" ], "Microsoft.MachineLearningServices/workspaces/services": [ "2020-05-01-preview", @@ -6164,13 +6202,11 @@ ], "Microsoft.Security/assessmentMetadata": [ "2019-01-01-preview", - "2020-01-01", - "2021-06-01" + "2020-01-01" ], "Microsoft.Security/assessments": [ "2019-01-01-preview", - "2020-01-01", - "2021-06-01" + "2020-01-01" ], "Microsoft.Security/autoProvisioningSettings": [ "2017-08-01-preview" @@ -6191,19 +6227,10 @@ "Microsoft.Security/ingestionSettings": [ "2021-01-15-preview" ], - "Microsoft.Security/iotDefenderSettings": [ - "2020-08-06-preview" - ], "Microsoft.Security/iotSecuritySolutions": [ "2017-08-01-preview", "2019-08-01" ], - "Microsoft.Security/iotSensors": [ - "2020-08-06-preview" - ], - "Microsoft.Security/iotSites": [ - "2020-08-06-preview" - ], "Microsoft.Security/locations/applicationWhitelistings": [ "2015-06-01-preview", "2020-01-01" @@ -6212,24 +6239,19 @@ "2015-06-01-preview", "2020-01-01" ], - "Microsoft.Security/onPremiseIotSensors": [ - "2020-08-06-preview" - ], "Microsoft.Security/pricings": [ "2017-08-01-preview", "2017-08-01-preview", "2018-06-01" ], - "Microsoft.Security/securityConnectors": [ - "2021-07-01-preview" - ], "Microsoft.Security/securityContacts": [ "2017-08-01-preview" ], "Microsoft.Security/settings": [ "2017-08-01-preview", "2019-01-01", - "2021-06-01" + "2021-06-01", + "2021-07-01" ], "Microsoft.Security/workspaceSettings": [ "2017-08-01-preview" @@ -7098,14 +7120,16 @@ "2019-11-01", "2020-03-01", "2020-10-01", - "2021-03-01" + "2021-03-01", + "2021-05-01" ], "Microsoft.StorageCache/caches/storageTargets": [ "2019-08-01-preview", "2019-11-01", "2020-03-01", "2020-10-01", - "2021-03-01" + "2021-03-01", + "2021-05-01" ], "Microsoft.StoragePool/diskPools": [ "2020-03-15-preview", diff --git a/generator/specs.ts b/generator/specs.ts index 0a842c211f..213427a4d2 100644 --- a/generator/specs.ts +++ b/generator/specs.ts @@ -35,6 +35,10 @@ export async function validateAndReturnReadmePath(localPath: string, basePath: s export async function cloneAndGenerateBasePaths(localPath: string, remoteUri: string, commitHash: string) { await cloneGitRepo(localPath, remoteUri, commitHash); + return await generateBasePaths(localPath); +} + +export async function generateBasePaths(localPath: string) { const specsPath = path.join(localPath, 'specification'); const filePaths = await findRecursive(specsPath, filePath => { @@ -50,7 +54,7 @@ export async function cloneAndGenerateBasePaths(localPath: string, remoteUri: st return filePaths .map(p => p.substring(0, p.lastIndexOf(path.sep))) .map(getBasePathString.bind(null, localPath)) - .filter(p => !isBlocklisted(p)); + .filter(p => !isExcludedBasePath(p)); } export function getBasePathString(localPath: string, basePath: string) { @@ -66,8 +70,10 @@ export function getPackageString(readme: string) { .find((_, index, obj) => index > 0 && obj[index - 1] === 'specification'); } -function isBlocklisted(basePath: string) { - return constants.blocklist.includes(basePath); +function isExcludedBasePath(basePath: string) { + return constants.excludedBasePathPrefixes + .map(prefix => prefix.toLowerCase()) + .some(prefix => basePath.toLowerCase().startsWith(prefix)); } export async function prepareReadme(readme: string, autoGenConfig?: AutoGenConfig) { diff --git a/onboarded-report/result.json b/onboarded-report/result.json index f6e1608134..b683bf6ddd 100644 --- a/onboarded-report/result.json +++ b/onboarded-report/result.json @@ -640,10 +640,8 @@ }, { "basePath": "logz/resource-manager", - "onboardedToAutogen": "no", - "missing": [ - "Microsoft.Logz" - ], + "onboardedToAutogen": "yes", + "missing": [], "onboarded": [] }, { diff --git a/schemas/2014-04-01-preview/deploymentTemplate.json b/schemas/2014-04-01-preview/deploymentTemplate.json index a04817d78b..459e41bc72 100644 --- a/schemas/2014-04-01-preview/deploymentTemplate.json +++ b/schemas/2014-04-01-preview/deploymentTemplate.json @@ -5669,9 +5669,6 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-01-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/unknown_resourceDefinitions/iotSensors" - }, { "$ref": "https://schema.management.azure.com/schemas/2019-10-01/Microsoft.Migrate.json#/resourceDefinitions/assessmentProjects" }, diff --git a/schemas/2015-01-01/deploymentTemplate.json b/schemas/2015-01-01/deploymentTemplate.json index b8b8be4525..b4b5b3c3bf 100644 --- a/schemas/2015-01-01/deploymentTemplate.json +++ b/schemas/2015-01-01/deploymentTemplate.json @@ -6162,9 +6162,6 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-01-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/unknown_resourceDefinitions/iotSensors" - }, { "$ref": "https://schema.management.azure.com/schemas/2019-10-01/Microsoft.Migrate.json#/resourceDefinitions/assessmentProjects" }, diff --git a/schemas/2016-11-01/Microsoft.DataLakeAnalytics.json b/schemas/2016-11-01/Microsoft.DataLakeAnalytics.json index bd357cdd73..2b8e0c0aeb 100644 --- a/schemas/2016-11-01/Microsoft.DataLakeAnalytics.json +++ b/schemas/2016-11-01/Microsoft.DataLakeAnalytics.json @@ -438,6 +438,7 @@ }, "suffix": { "type": "string", + "default": "azuredatalakestore.net", "description": "The optional suffix for the storage account." } }, diff --git a/schemas/2017-03-01-preview/Microsoft.Sql.json b/schemas/2017-03-01-preview/Microsoft.Sql.json index 4c10346eba..764f98692a 100644 --- a/schemas/2017-03-01-preview/Microsoft.Sql.json +++ b/schemas/2017-03-01-preview/Microsoft.Sql.json @@ -1160,7 +1160,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -1457,7 +1457,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -1563,7 +1563,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -2465,7 +2465,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ diff --git a/schemas/2018-05-01/subscriptionDeploymentTemplate.json b/schemas/2018-05-01/subscriptionDeploymentTemplate.json index a2ea7ad574..dba94117a2 100644 --- a/schemas/2018-05-01/subscriptionDeploymentTemplate.json +++ b/schemas/2018-05-01/subscriptionDeploymentTemplate.json @@ -563,6 +563,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-03-01-preview/Microsoft.Authorization.Authz.json#/subscription_resourceDefinitions/accessReviewScheduleSettings" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01-preview/Microsoft.Authorization.Authz.json#/subscription_resourceDefinitions/accessReviewScheduleDefinitions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01-preview/Microsoft.Authorization.Authz.json#/subscription_resourceDefinitions/accessReviewScheduleDefinitions_instances" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01-preview/Microsoft.Authorization.Authz.json#/subscription_resourceDefinitions/accessReviewScheduleSettings" + }, { "$ref": "https://schema.management.azure.com/schemas/2017-09-01/Microsoft.Authorization.json#/resourceDefinitions/roleAssignments" }, @@ -665,6 +674,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-09-01/Microsoft.Authorization.Resources.json#/unknown_resourceDefinitions/policyAssignments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#/subscription_resourceDefinitions/policyDefinitions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#/subscription_resourceDefinitions/policySetDefinitions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#/unknown_resourceDefinitions/policyAssignments" + }, { "$ref": "https://schema.management.azure.com/schemas/2018-11-01-preview/Microsoft.Billing.json#/subscription_resourceDefinitions/billingAccounts_lineOfCredit" }, @@ -1025,29 +1043,14 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-01-01-preview/Microsoft.Security.json#/subscription_resourceDefinitions/connectors" }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/subscription_resourceDefinitions/iotDefenderSettings" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/subscription_resourceDefinitions/onPremiseIotSensors" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/unknown_resourceDefinitions/iotSensors" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/unknown_resourceDefinitions/iotSites" - }, { "$ref": "https://schema.management.azure.com/schemas/2021-01-15-preview/Microsoft.Security.json#/subscription_resourceDefinitions/ingestionSettings" }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/subscription_resourceDefinitions/assessmentMetadata" - }, { "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/subscription_resourceDefinitions/settings" }, { - "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.Security.json#/subscription_resourceDefinitions/settings" }, { "$ref": "https://schema.management.azure.com/schemas/2019-05-01-preview/Microsoft.Support.json#/subscription_resourceDefinitions/supportTickets" diff --git a/schemas/2019-03-01-hybrid/deploymentTemplate.json b/schemas/2019-03-01-hybrid/deploymentTemplate.json index 075d36dd12..a67d97868a 100644 --- a/schemas/2019-03-01-hybrid/deploymentTemplate.json +++ b/schemas/2019-03-01-hybrid/deploymentTemplate.json @@ -2955,9 +2955,6 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-01-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/unknown_resourceDefinitions/iotSensors" - }, { "$ref": "https://schema.management.azure.com/schemas/2018-06-01-preview/Microsoft.ManagedServices.json#/resourceDefinitions/registrationAssignments" }, diff --git a/schemas/2019-04-01/deploymentTemplate.json b/schemas/2019-04-01/deploymentTemplate.json index ab04243e94..43dfea3a21 100644 --- a/schemas/2019-04-01/deploymentTemplate.json +++ b/schemas/2019-04-01/deploymentTemplate.json @@ -1977,7 +1977,6 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-01-01/Microsoft.Advisor.json#/resourceDefinitions/recommendations_suppressions" }, { "$ref": "https://schema.management.azure.com/schemas/2020-01-01/Microsoft.Advisor.json#/resourceDefinitions/configurations" }, { "$ref": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Compute.json#/resourceDefinitions/cloudServices" }, - { "$ref": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Compute.json#/resourceDefinitions/cloudServices_updateDomains" }, { "$ref": "https://schema.management.azure.com/schemas/2014-04-01/Microsoft.Insights.ManuallyAuthored.json#/resourceDefinitions/components" }, { "$ref": "https://schema.management.azure.com/schemas/2014-04-01/Microsoft.Insights.ManuallyAuthored.json#/resourceDefinitions/webtests" }, { "$ref": "https://schema.management.azure.com/schemas/2014-04-01/Microsoft.Insights.ManuallyAuthored.json#/resourceDefinitions/autoscalesettings" }, @@ -2025,7 +2024,6 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-12-01/Microsoft.Compute.json#/resourceDefinitions/virtualMachines_runCommands" }, { "$ref": "https://schema.management.azure.com/schemas/2021-03-01/Microsoft.Compute.json#/resourceDefinitions/availabilitySets" }, { "$ref": "https://schema.management.azure.com/schemas/2021-03-01/Microsoft.Compute.json#/resourceDefinitions/cloudServices" }, - { "$ref": "https://schema.management.azure.com/schemas/2021-03-01/Microsoft.Compute.json#/resourceDefinitions/cloudServices_updateDomains" }, { "$ref": "https://schema.management.azure.com/schemas/2021-03-01/Microsoft.Compute.json#/resourceDefinitions/hostGroups" }, { "$ref": "https://schema.management.azure.com/schemas/2021-03-01/Microsoft.Compute.json#/resourceDefinitions/hostGroups_hosts" }, { "$ref": "https://schema.management.azure.com/schemas/2021-03-01/Microsoft.Compute.json#/resourceDefinitions/images" }, diff --git a/schemas/2019-08-01/managementGroupDeploymentTemplate.json b/schemas/2019-08-01/managementGroupDeploymentTemplate.json index 861f7ab4a8..394d09e351 100644 --- a/schemas/2019-08-01/managementGroupDeploymentTemplate.json +++ b/schemas/2019-08-01/managementGroupDeploymentTemplate.json @@ -632,6 +632,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-09-01/Microsoft.Authorization.Resources.json#/unknown_resourceDefinitions/policyAssignments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#/managementGroup_resourceDefinitions/policyDefinitions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#/managementGroup_resourceDefinitions/policySetDefinitions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#/unknown_resourceDefinitions/policyAssignments" + }, { "$ref": "https://schema.management.azure.com/schemas/2017-11-11-preview/Microsoft.Blueprint.json#/managementGroup_resourceDefinitions/blueprints" }, diff --git a/schemas/2019-10-01-preview/Microsoft.Subscription.json b/schemas/2019-10-01-preview/Microsoft.Subscription.json index 2582f71fd3..6d1179cb5a 100644 --- a/schemas/2019-10-01-preview/Microsoft.Subscription.json +++ b/schemas/2019-10-01-preview/Microsoft.Subscription.json @@ -16,7 +16,7 @@ }, "name": { "type": "string", - "description": "Alias Name" + "description": "Name for this subscription creation request also known as alias. Note that this is not the same as subscription name and this doesn’t have any other lifecycle need beyond the request for subscription creation." }, "properties": { "oneOf": [ diff --git a/schemas/2019-11-01-preview/Microsoft.ServiceFabric.json b/schemas/2019-11-01-preview/Microsoft.ServiceFabric.json index fc24e95f96..589858c9fe 100644 --- a/schemas/2019-11-01-preview/Microsoft.ServiceFabric.json +++ b/schemas/2019-11-01-preview/Microsoft.ServiceFabric.json @@ -616,6 +616,17 @@ ], "description": "If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data)." }, + "recreateApplication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether the application should be recreated on update. If value=true, the rest of the upgrade policy parameters are not allowed and it will result in availability loss." + }, "rollingUpgradeMonitoringPolicy": { "oneOf": [ { diff --git a/schemas/2020-02-02-preview/Microsoft.Sql.json b/schemas/2020-02-02-preview/Microsoft.Sql.json index 9651f94450..96f14b214a 100644 --- a/schemas/2020-02-02-preview/Microsoft.Sql.json +++ b/schemas/2020-02-02-preview/Microsoft.Sql.json @@ -3106,7 +3106,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -3592,7 +3592,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -3698,7 +3698,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -6006,7 +6006,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ diff --git a/schemas/2020-02-02/Microsoft.Insights.Application.json b/schemas/2020-02-02/Microsoft.Insights.Application.json index f26da976e7..10a9111a17 100644 --- a/schemas/2020-02-02/Microsoft.Insights.Application.json +++ b/schemas/2020-02-02/Microsoft.Insights.Application.json @@ -214,6 +214,17 @@ ], "description": "Describes what tool created this Application Insights component. Customers using this API should set this to the default 'rest'." }, + "RetentionInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Retention period in days." + }, "SamplingPercentage": { "oneOf": [ { diff --git a/schemas/2020-02-14-preview/Microsoft.DBforPostgreSQL.json b/schemas/2020-02-14-preview/Microsoft.DBforPostgreSQL.json index 404bd91a13..1b1e8fc5a7 100644 --- a/schemas/2020-02-14-preview/Microsoft.DBforPostgreSQL.json +++ b/schemas/2020-02-14-preview/Microsoft.DBforPostgreSQL.json @@ -332,6 +332,10 @@ ], "description": "stand by count value can be either enabled or disabled." }, + "logBackupStorageSku": { + "type": "string", + "description": "The log backup storage sku of the server." + }, "maintenanceWindow": { "oneOf": [ { @@ -370,6 +374,17 @@ "type": "string", "description": "The subscription id of source serve PostgreSQL server name to restore from." }, + "standbyCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of standbys." + }, "storageProfile": { "oneOf": [ { @@ -476,6 +491,21 @@ ], "description": "Backup retention days for the server." }, + "geoRedundantBackup": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A value indicating whether Geo-Redundant backup is enabled on the server." + }, "storageMB": { "oneOf": [ { diff --git a/schemas/2020-03-01/Microsoft.ServiceFabric.json b/schemas/2020-03-01/Microsoft.ServiceFabric.json index c7aa92c77f..b5daf8c6f5 100644 --- a/schemas/2020-03-01/Microsoft.ServiceFabric.json +++ b/schemas/2020-03-01/Microsoft.ServiceFabric.json @@ -616,6 +616,17 @@ ], "description": "If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data)." }, + "recreateApplication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether the application should be recreated on update. If value=true, the rest of the upgrade policy parameters are not allowed and it will result in availability loss." + }, "rollingUpgradeMonitoringPolicy": { "oneOf": [ { diff --git a/schemas/2020-04-01-preview/Microsoft.ChangeAnalysis.json b/schemas/2020-04-01-preview/Microsoft.ChangeAnalysis.json index 2c7d6548f7..597d63bc20 100644 --- a/schemas/2020-04-01-preview/Microsoft.ChangeAnalysis.json +++ b/schemas/2020-04-01-preview/Microsoft.ChangeAnalysis.json @@ -25,6 +25,10 @@ ], "description": "The identity block returned by ARM resource that supports managed identity." }, + "location": { + "type": "string", + "description": "The location where the resource is to be deployed." + }, "name": { "oneOf": [ { @@ -79,6 +83,21 @@ "AzureMonitorWorkspaceProperties": { "type": "object", "properties": { + "includeChangeDetails": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None", + "Include", + "Exclude" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, "workspaceId": { "type": "string", "description": "The Azure Monitor workspace ID - the unique identifier for the Log Analytics workspace." diff --git a/schemas/2020-05-01/Microsoft.SignalRService.json b/schemas/2020-05-01/Microsoft.SignalRService.json index 4c72996cd2..74492649c3 100644 --- a/schemas/2020-05-01/Microsoft.SignalRService.json +++ b/schemas/2020-05-01/Microsoft.SignalRService.json @@ -151,7 +151,8 @@ "enum": [ "ClientConnection", "ServerConnection", - "RESTAPI" + "RESTAPI", + "Trace" ] } }, @@ -170,7 +171,8 @@ "enum": [ "ClientConnection", "ServerConnection", - "RESTAPI" + "RESTAPI", + "Trace" ] } }, @@ -205,7 +207,8 @@ "enum": [ "ClientConnection", "ServerConnection", - "RESTAPI" + "RESTAPI", + "Trace" ] } }, @@ -224,7 +227,8 @@ "enum": [ "ClientConnection", "ServerConnection", - "RESTAPI" + "RESTAPI", + "Trace" ] } }, diff --git a/schemas/2020-08-01-preview/Microsoft.Sql.json b/schemas/2020-08-01-preview/Microsoft.Sql.json index 7ce41dba94..a2e4752fa0 100644 --- a/schemas/2020-08-01-preview/Microsoft.Sql.json +++ b/schemas/2020-08-01-preview/Microsoft.Sql.json @@ -3147,7 +3147,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -3716,7 +3716,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -3822,7 +3822,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ @@ -6141,7 +6141,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, "isAzureMonitorTargetEnabled": { "oneOf": [ diff --git a/schemas/2020-08-06-preview/Microsoft.Security.json b/schemas/2020-08-06-preview/Microsoft.Security.json deleted file mode 100644 index 4d9806f8c5..0000000000 --- a/schemas/2020-08-06-preview/Microsoft.Security.json +++ /dev/null @@ -1,279 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.Security", - "description": "Microsoft Security Resource Types", - "resourceDefinitions": {}, - "subscription_resourceDefinitions": { - "iotDefenderSettings": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-08-06-preview" - ] - }, - "name": { - "type": "string", - "enum": [ - "default" - ] - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/IotDefenderSettingsProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "IoT Defender settings properties" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Security/iotDefenderSettings" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.Security/iotDefenderSettings" - }, - "onPremiseIotSensors": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-08-06-preview" - ] - }, - "name": { - "type": "string", - "description": "Name of the on-premise IoT sensor" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Security/onPremiseIotSensors" - ] - } - }, - "required": [ - "apiVersion", - "name", - "type" - ], - "description": "Microsoft.Security/onPremiseIotSensors" - } - }, - "unknown_resourceDefinitions": { - "iotSensors": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-08-06-preview" - ] - }, - "name": { - "type": "string", - "description": "Name of the IoT sensor" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/IotSensorProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "IoT sensor properties" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Security/iotSensors" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.Security/iotSensors" - }, - "iotSites": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-08-06-preview" - ] - }, - "name": { - "type": "string", - "enum": [ - "default" - ] - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/IotSiteProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "IoT site properties" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Security/iotSites" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.Security/iotSites" - } - }, - "definitions": { - "IotDefenderSettingsProperties": { - "type": "object", - "properties": { - "deviceQuota": { - "oneOf": [ - { - "type": "integer", - "minimum": 1000 - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Size of the device quota (as a opposed to a Pay as You Go billing model). Value is required to be in multiples of 1000." - }, - "onboardingKind": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Default", - "MigratedToAzure", - "Evaluation", - "Purchased" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The kind of onboarding for the subscription." - }, - "sentinelWorkspaceResourceIds": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Sentinel Workspace Resource Ids" - } - }, - "required": [ - "deviceQuota", - "onboardingKind", - "sentinelWorkspaceResourceIds" - ], - "description": "IoT Defender settings properties" - }, - "IotSensorProperties": { - "type": "object", - "properties": { - "sensorType": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Ot", - "Enterprise" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Type of sensor." - }, - "tiAutomaticUpdates": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "TI Automatic mode status of the IoT sensor" - }, - "zone": { - "type": "string", - "description": "Zone of the IoT sensor" - } - }, - "description": "IoT sensor properties" - }, - "IotSiteProperties": { - "type": "object", - "properties": { - "displayName": { - "type": "string", - "description": "Display name of the IoT site" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Tags of the IoT site" - } - }, - "required": [ - "displayName" - ], - "description": "IoT site properties" - } - } -} \ No newline at end of file diff --git a/schemas/2020-09-01/Microsoft.Subscription.json b/schemas/2020-09-01/Microsoft.Subscription.json index 4cdc509957..15c4cbd510 100644 --- a/schemas/2020-09-01/Microsoft.Subscription.json +++ b/schemas/2020-09-01/Microsoft.Subscription.json @@ -16,7 +16,7 @@ }, "name": { "type": "string", - "description": "Alias Name" + "description": "Name for this subscription creation request also known as alias. Note that this is not the same as subscription name and this doesn’t have any other lifecycle need beyond the request for subscription creation." }, "properties": { "oneOf": [ diff --git a/schemas/2020-10-01-preview/Microsoft.Compute.json b/schemas/2020-10-01-preview/Microsoft.Compute.json index 2272e5c9c7..b9c0821fdb 100644 --- a/schemas/2020-10-01-preview/Microsoft.Compute.json +++ b/schemas/2020-10-01-preview/Microsoft.Compute.json @@ -32,16 +32,6 @@ ], "description": "Cloud service properties" }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/cloudServices_updateDomains_childResource" - } - ] - } - }, "tags": { "oneOf": [ { @@ -72,40 +62,6 @@ "type" ], "description": "Microsoft.Compute/cloudServices" - }, - "cloudServices_updateDomains": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-10-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Specifies an integer value that identifies the update domain. Update domains are identified with a zero-based index: the first update domain has an ID of 0, the second has an ID of 1, and so on." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Compute/cloudServices/updateDomains" - ] - } - }, - "required": [ - "apiVersion", - "name", - "type" - ], - "description": "Microsoft.Compute/cloudServices/updateDomains" } }, "definitions": { @@ -398,40 +354,6 @@ }, "description": "Describes the cloud service role sku." }, - "cloudServices_updateDomains_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-10-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Specifies an integer value that identifies the update domain. Update domains are identified with a zero-based index: the first update domain has an ID of 0, the second has an ID of 1, and so on." - }, - "type": { - "type": "string", - "enum": [ - "updateDomains" - ] - } - }, - "required": [ - "apiVersion", - "name", - "type" - ], - "description": "Microsoft.Compute/cloudServices/updateDomains" - }, "CloudServiceVaultAndSecretReference": { "type": "object", "properties": { diff --git a/schemas/2020-10-15-preview/Microsoft.EventGrid.json b/schemas/2020-10-15-preview/Microsoft.EventGrid.json index 768a4c9f25..2f07351a81 100644 --- a/schemas/2020-10-15-preview/Microsoft.EventGrid.json +++ b/schemas/2020-10-15-preview/Microsoft.EventGrid.json @@ -2418,7 +2418,8 @@ "isSecret": { "oneOf": [ { - "type": "boolean" + "type": "boolean", + "default": false }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" diff --git a/schemas/2020-12-01-preview/Microsoft.ServiceFabric.json b/schemas/2020-12-01-preview/Microsoft.ServiceFabric.json index 6f919b23bd..84e775784d 100644 --- a/schemas/2020-12-01-preview/Microsoft.ServiceFabric.json +++ b/schemas/2020-12-01-preview/Microsoft.ServiceFabric.json @@ -671,6 +671,17 @@ ], "description": "If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data)." }, + "recreateApplication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether the application should be recreated on update. If value=true, the rest of the upgrade policy parameters are not allowed and it will result in availability loss." + }, "rollingUpgradeMonitoringPolicy": { "oneOf": [ { diff --git a/schemas/2021-03-01-preview/Microsoft.MachineLearningServices.json b/schemas/2021-03-01-preview/Microsoft.MachineLearningServices.json index 84e868319a..dd58eed844 100644 --- a/schemas/2021-03-01-preview/Microsoft.MachineLearningServices.json +++ b/schemas/2021-03-01-preview/Microsoft.MachineLearningServices.json @@ -159,7 +159,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", @@ -242,7 +243,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", @@ -913,7 +915,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", @@ -996,7 +999,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", @@ -1551,7 +1555,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Target CPU usage for the autoscaler." } }, "required": [ @@ -2019,7 +2024,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Absolute distance allowed from the best performing run." }, "slackFactor": { "oneOf": [ @@ -2029,13 +2035,14 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Ratio of the allowed distance from the best performing run." } }, "required": [ "policyType" ], - "description": "Defines an early termination policy based on slack criteria, and a frequency and delay interval for evaluation" + "description": "Defines an early termination policy based on slack criteria, and a frequency and delay interval for evaluation." }, "BatchDeployment": { "type": "object", @@ -3614,7 +3621,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Number of intervals by which to delay the first evaluation." }, "evaluationInterval": { "oneOf": [ @@ -3624,10 +3632,11 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Interval (number of runs) between policy evaluations." } }, - "description": "Early termination policies enable canceling poor-performing runs before they complete" + "description": "Early termination policies enable canceling poor-performing runs before they complete." }, "EncryptionProperty": { "type": "object", @@ -3819,7 +3828,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Model flavor-specific data." } } }, @@ -4535,7 +4545,8 @@ ] }, "instanceType": { - "type": "string" + "type": "string", + "description": "Compute instance type." }, "readinessProbe": { "oneOf": [ @@ -4545,7 +4556,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Deployment container liveness/readiness probe configuration." } }, "required": [ @@ -4563,7 +4575,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Fixed number of instances for this deployment." }, "scaleType": { "type": "string", @@ -4589,7 +4602,7 @@ "required": [ "policyType" ], - "description": "Defines an early termination policy based on running averages of the primary metric of all runs" + "description": "Defines an early termination policy based on running averages of the primary metric of all runs." }, "MLAssistConfiguration": { "type": "object", @@ -4771,7 +4784,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Number of processes per MPI node." } }, "required": [ @@ -4837,13 +4851,15 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Name of the metric to optimize." } }, "required": [ "goal", "primaryMetric" - ] + ], + "description": "Optimization objective." }, "OnlineDeployment": { "type": "object", @@ -4909,7 +4925,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Deployment container liveness/readiness probe configuration." }, "model": { "oneOf": [ @@ -4945,7 +4962,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Online deployment scoring requests configuration." }, "scaleSettings": { "oneOf": [ @@ -4955,7 +4973,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Online deployment scaling configuration." } } }, @@ -5044,7 +5063,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "The number of requests allowed to queue at once for this deployment." }, "maxQueueWait": { "type": "string", @@ -5056,7 +5076,8 @@ "format": "duration", "description": "The request timeout in ISO 8601 format. Supports millisecond precision." } - } + }, + "description": "Online deployment scoring requests configuration." }, "OnlineScaleSettings": { "type": "object", @@ -5077,7 +5098,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Maximum number of instances for this deployment." }, "minInstances": { "oneOf": [ @@ -5087,9 +5109,11 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Minimum number of instances for this deployment." } - } + }, + "description": "Online deployment scaling configuration." }, "OutputDataBinding": { "type": "object", @@ -5289,7 +5313,8 @@ "format": "duration", "description": "The probe timeout in ISO 8601 format." } - } + }, + "description": "Deployment container liveness/readiness probe configuration." }, "PyTorch": { "type": "object", @@ -5945,7 +5970,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Early termination policies enable canceling poor-performing runs before they complete" + "description": "Early termination policies enable canceling poor-performing runs before they complete." }, "experimentName": { "type": "string", @@ -5976,7 +6001,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "An upper bound on the number of trials performed in parallel." }, "maxTotalTrials": { "oneOf": [ @@ -5986,7 +6012,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "An upper bound on the number of trials to perform." }, "objective": { "oneOf": [ @@ -5996,7 +6023,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Optimization objective." }, "priority": { "oneOf": [ @@ -6126,7 +6154,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "Number of parameter server tasks." }, "workerCount": { "oneOf": [ @@ -6253,7 +6282,8 @@ { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } - ] + ], + "description": "The percentage of runs to cancel at each evaluation interval." } }, "required": [ @@ -6564,7 +6594,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", @@ -6637,7 +6668,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", @@ -7268,7 +7300,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", @@ -7341,7 +7374,8 @@ "description": "Service identity associated with a resource." }, "kind": { - "type": "string" + "type": "string", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type." }, "location": { "type": "string", diff --git a/schemas/2021-03-01/Microsoft.Compute.json b/schemas/2021-03-01/Microsoft.Compute.json index 4e36c18080..482971f0c2 100644 --- a/schemas/2021-03-01/Microsoft.Compute.json +++ b/schemas/2021-03-01/Microsoft.Compute.json @@ -102,16 +102,6 @@ ], "description": "Cloud service properties" }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/cloudServices_updateDomains_childResource" - } - ] - } - }, "tags": { "oneOf": [ { @@ -143,40 +133,6 @@ ], "description": "Microsoft.Compute/cloudServices" }, - "cloudServices_updateDomains": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-03-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Specifies an integer value that identifies the update domain. Update domains are identified with a zero-based index: the first update domain has an ID of 0, the second has an ID of 1, and so on." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Compute/cloudServices/updateDomains" - ] - } - }, - "required": [ - "apiVersion", - "name", - "type" - ], - "description": "Microsoft.Compute/cloudServices/updateDomains" - }, "hostGroups": { "type": "object", "properties": { @@ -1639,40 +1595,6 @@ }, "description": "Describes the cloud service role sku." }, - "cloudServices_updateDomains_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-03-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Specifies an integer value that identifies the update domain. Update domains are identified with a zero-based index: the first update domain has an ID of 0, the second has an ID of 1, and so on." - }, - "type": { - "type": "string", - "enum": [ - "updateDomains" - ] - } - }, - "required": [ - "apiVersion", - "name", - "type" - ], - "description": "Microsoft.Compute/cloudServices/updateDomains" - }, "CloudServiceVaultAndSecretReference": { "type": "object", "properties": { diff --git a/schemas/2021-04-01-preview/Microsoft.Maintenance.json b/schemas/2021-04-01-preview/Microsoft.Maintenance.json index e16881b0b5..0c2867ddcc 100644 --- a/schemas/2021-04-01-preview/Microsoft.Maintenance.json +++ b/schemas/2021-04-01-preview/Microsoft.Maintenance.json @@ -19,7 +19,7 @@ }, "name": { "type": "string", - "description": "Resource Identifier" + "description": "Maintenance Configuration Name" }, "properties": { "oneOf": [ @@ -415,7 +415,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Gets or sets the visibility of the configuration." + "description": "Gets or sets the visibility of the configuration. The default value is 'Custom'." } }, "description": "Properties for maintenance configuration" @@ -433,7 +433,7 @@ }, "recurEvery": { "type": "string", - "description": "Rate at which a Maintenance window is expected to recur. The rate can be expressed as daily, weekly, or monthly schedules. Daily schedule are formatted as recurEvery: [Frequency as integer]['Day(s)']. If no frequency is provided, the default frequency is 1. Daily schedule examples are recurEvery: Day, recurEvery: 3Days. Weekly schedule are formatted as recurEvery: [Frequency as integer]['Week(s)'] [Optional comma separated list of weekdays Monday-Sunday]. Weekly schedule examples are recurEvery: 3Weeks, recurEvery: Week Saturday,Sunday. Monthly schedules are formatted as [Frequency as integer]['Month(s)'] [Comma separated list of month days] or [Frequency as integer]['Month(s)'] [Week of Month (First, Second, Third, Fourth, Last)] [Weekday Monday-Sunday]. Monthly schedule examples are recurEvery: Month, recurEvery: 2Months, recurEvery: Month day23,day24, recurEvery: Month Last Sunday, recurEvery: Month Fourth Monday." + "description": "Rate at which a Maintenance window is expected to recur. The rate can be expressed as daily, weekly, or monthly schedules. Daily schedule are formatted as recurEvery: [Frequency as integer]['Day(s)']. If no frequency is provided, the default frequency is 1. Daily schedule examples are recurEvery: Day, recurEvery: 3Days. Weekly schedule are formatted as recurEvery: [Frequency as integer]['Week(s)'] [Optional comma separated list of weekdays Monday-Sunday]. Weekly schedule examples are recurEvery: 3Weeks, recurEvery: Week Saturday,Sunday. Monthly schedules are formatted as [Frequency as integer]['Month(s)'] [Comma separated list of month days] or [Frequency as integer]['Month(s)'] [Week of Month (First, Second, Third, Fourth, Last)] [Weekday Monday-Sunday] [Optional Offset(No. of days)]. Offset value must be between -6 to 6 inclusive. Monthly schedule examples are recurEvery: Month, recurEvery: 2Months, recurEvery: Month day23,day24, recurEvery: Month Last Sunday, recurEvery: Month Fourth Monday, recurEvery: Month Last Sunday Offset-3, recurEvery: Month Third Sunday Offset6." }, "startDateTime": { "type": "string", diff --git a/schemas/2021-04-01/Microsoft.SecurityInsights.json b/schemas/2021-04-01/Microsoft.SecurityInsights.json index 203a32122f..5b5a37d471 100644 --- a/schemas/2021-04-01/Microsoft.SecurityInsights.json +++ b/schemas/2021-04-01/Microsoft.SecurityInsights.json @@ -147,6 +147,64 @@ ], "description": "Microsoft.SecurityInsights/incidents/relations" }, + "threatIntelligence_indicators": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-04-01" + ] + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + }, + "kind": { + "oneOf": [ + { + "type": "string", + "enum": [ + "indicator" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The kind of the entity." + }, + "name": { + "type": "string", + "description": "Threat intelligence indicator name field." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes threat intelligence entity properties" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.SecurityInsights/threatIntelligence/indicators" + ] + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "properties", + "type" + ], + "description": "Microsoft.SecurityInsights/threatIntelligence/indicators" + }, "watchlists": { "type": "object", "properties": { @@ -525,6 +583,371 @@ ], "description": "Relation property bag." }, + "ThreatIntelligenceExternalReference": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "External reference description" + }, + "externalId": { + "type": "string", + "description": "External reference ID" + }, + "hashes": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "External reference hashes" + }, + "sourceName": { + "type": "string", + "description": "External reference source name" + }, + "url": { + "type": "string", + "description": "External reference URL" + } + }, + "description": "Describes external reference" + }, + "ThreatIntelligenceGranularMarkingModel": { + "type": "object", + "properties": { + "language": { + "type": "string", + "description": "Language granular marking model" + }, + "markingRef": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "marking reference granular marking model" + }, + "selectors": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "granular marking model selectors" + } + }, + "description": "Describes threat granular marking model entity" + }, + "ThreatIntelligenceIndicatorProperties": { + "type": "object", + "properties": { + "confidence": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Confidence of threat intelligence entity" + }, + "created": { + "type": "string", + "description": "Created by" + }, + "createdByRef": { + "type": "string", + "description": "Created by reference of threat intelligence entity" + }, + "defanged": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is threat intelligence entity defanged" + }, + "description": { + "type": "string", + "description": "Description of a threat intelligence entity" + }, + "displayName": { + "type": "string", + "description": "Display name of a threat intelligence entity" + }, + "extensions": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": {} + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Extensions map" + }, + "externalId": { + "type": "string", + "description": "External ID of threat intelligence entity" + }, + "externalLastUpdatedTimeUtc": { + "type": "string", + "description": "External last updated time in UTC" + }, + "externalReferences": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "External References" + }, + "granularMarkings": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Granular Markings" + }, + "indicatorTypes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicator types of threat intelligence entities" + }, + "killChainPhases": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Kill chain phases" + }, + "labels": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Labels of threat intelligence entity" + }, + "language": { + "type": "string", + "description": "Language of threat intelligence entity" + }, + "lastUpdatedTimeUtc": { + "type": "string", + "description": "Last updated time in UTC" + }, + "modified": { + "type": "string", + "description": "Modified by" + }, + "objectMarkingRefs": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Threat intelligence entity object marking references" + }, + "parsedPattern": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Parsed patterns" + }, + "pattern": { + "type": "string", + "description": "Pattern of a threat intelligence entity" + }, + "patternType": { + "type": "string", + "description": "Pattern type of a threat intelligence entity" + }, + "patternVersion": { + "type": "string", + "description": "Pattern version of a threat intelligence entity" + }, + "revoked": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is threat intelligence entity revoked" + }, + "source": { + "type": "string", + "description": "Source of a threat intelligence entity" + }, + "threatIntelligenceTags": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of tags" + }, + "threatTypes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Threat types" + }, + "validFrom": { + "type": "string", + "description": "Valid from" + }, + "validUntil": { + "type": "string", + "description": "Valid until" + } + }, + "description": "Describes threat intelligence entity properties" + }, + "ThreatIntelligenceKillChainPhase": { + "type": "object", + "properties": { + "killChainName": { + "type": "string", + "description": "Kill chainName name" + }, + "phaseName": { + "type": "string", + "description": "Phase name" + } + }, + "description": "Describes threat kill chain phase entity" + }, + "ThreatIntelligenceParsedPattern": { + "type": "object", + "properties": { + "patternTypeKey": { + "type": "string", + "description": "Pattern type key" + }, + "patternTypeValues": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Pattern type keys" + } + }, + "description": "Describes parsed pattern entity" + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "Value of parsed pattern" + }, + "valueType": { + "type": "string", + "description": "Type of the value" + } + }, + "description": "Describes threat kill chain phase entity" + }, "UserInfo": { "type": "object", "properties": { diff --git a/schemas/2021-06-01-preview/Microsoft.EventGrid.json b/schemas/2021-06-01-preview/Microsoft.EventGrid.json index c0ac379f79..b51b3cc69c 100644 --- a/schemas/2021-06-01-preview/Microsoft.EventGrid.json +++ b/schemas/2021-06-01-preview/Microsoft.EventGrid.json @@ -2577,7 +2577,8 @@ "isSecret": { "oneOf": [ { - "type": "boolean" + "type": "boolean", + "default": false }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" diff --git a/schemas/2021-06-01-preview/Microsoft.KeyVault.json b/schemas/2021-06-01-preview/Microsoft.KeyVault.json new file mode 100644 index 0000000000..7dc0b6bd4e --- /dev/null +++ b/schemas/2021-06-01-preview/Microsoft.KeyVault.json @@ -0,0 +1,2084 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.KeyVault", + "description": "Microsoft KeyVault Resource Types", + "resourceDefinitions": { + "managedHSMs": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "location": { + "type": "string", + "description": "The supported Azure location where the managed HSM Pool should be created." + }, + "name": { + "type": "string", + "description": "Name of the managed HSM Pool" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the managed HSM Pool" + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/managedHSMs_privateEndpointConnections_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmSku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/managedHSMs" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs" + }, + "managedHSMs_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "location": { + "type": "string", + "description": "The supported Azure location where the managed HSM Pool should be created." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the managed hsm pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmSku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" + }, + "vaults": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "location": { + "type": "string", + "description": "The supported Azure location where the key vault should be created." + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{3,24}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the vault" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VaultProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the vault" + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/vaults_keys_childResource" + }, + { + "$ref": "#/definitions/vaults_accessPolicies_childResource" + }, + { + "$ref": "#/definitions/vaults_privateEndpointConnections_childResource" + }, + { + "$ref": "#/definitions/vaults_secrets_childResource" + } + ] + } + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key vault." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults" + }, + "vaults_accessPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "add", + "replace", + "remove" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the operation." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VaultAccessPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the vault access policy" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/accessPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/accessPolicies" + }, + "vaults_keys": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the key to be created." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/KeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the key." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/keys" + }, + "vaults_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the key vault." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" + }, + "vaults_secrets": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the secret" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecretProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the secret" + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the secret. " + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/secrets" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/secrets" + } + }, + "definitions": { + "AccessPolicyEntry": { + "type": "object", + "properties": { + "applicationId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": " Application ID of the client making request on behalf of a principal" + }, + "objectId": { + "type": "string", + "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." + }, + "permissions": { + "oneOf": [ + { + "$ref": "#/definitions/Permissions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions the identity has for keys, secrets, certificates and storage." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." + } + }, + "required": [ + "objectId", + "permissions", + "tenantId" + ], + "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." + }, + "Action": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "rotate", + "notify" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of action." + } + } + }, + "IPRule": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." + } + }, + "required": [ + "value" + ], + "description": "A rule governing the accessibility of a vault from a specific ip address or ip range." + }, + "KeyAttributes": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether or not the object is enabled." + }, + "exp": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." + }, + "nbf": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Not before date in seconds since 1970-01-01T00:00:00Z." + } + }, + "description": "The object attributes managed by the Azure Key Vault service." + }, + "KeyProperties": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/KeyAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The object attributes managed by the Azure Key Vault service." + }, + "curveName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "P-256", + "P-384", + "P-521", + "P-256K" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The elliptic curve name. For valid values, see JsonWebKeyCurveName." + }, + "keyOps": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "encrypt", + "decrypt", + "sign", + "verify", + "wrapKey", + "unwrapKey", + "import" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "keySize": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The key size in bits. For example: 2048, 3072, or 4096 for RSA." + }, + "kty": { + "oneOf": [ + { + "type": "string", + "enum": [ + "EC", + "EC-HSM", + "RSA", + "RSA-HSM" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the key. For valid values, see JsonWebKeyType." + }, + "rotationPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/RotationPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "The properties of the key." + }, + "KeyRotationPolicyAttributes": { + "type": "object", + "properties": { + "expiryTime": { + "type": "string", + "description": "The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'." + } + } + }, + "LifetimeAction": { + "type": "object", + "properties": { + "action": { + "oneOf": [ + { + "$ref": "#/definitions/Action" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "trigger": { + "oneOf": [ + { + "$ref": "#/definitions/Trigger" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + } + }, + "ManagedHsmProperties": { + "type": "object", + "properties": { + "createMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "recover", + "default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The create mode to indicate whether the resource is being created or is being recovered from a deleted resource." + }, + "enablePurgeProtection": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible." + }, + "enableSoftDelete": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. If it's not set to any value(true or false) when creating new managed HSM pool, it will be set to true by default. Once set to true, it cannot be reverted to false." + }, + "initialAdminObjectIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Array of initial administrators object ids for this managed hsm pool." + }, + "networkAcls": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMNetworkRuleSet" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A set of rules governing the network accessibility of a managed hsm pool." + }, + "publicNetworkAccess": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Control permission for data plane traffic coming from public networks while private endpoint is enabled." + }, + "softDeleteRetentionInDays": { + "oneOf": [ + { + "type": "integer", + "default": "90" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "softDelete data retention days. It accepts >=7 and <=90." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool." + } + }, + "description": "Properties of the managed HSM Pool" + }, + "ManagedHsmSku": { + "type": "object", + "properties": { + "family": { + "oneOf": [ + { + "type": "string", + "enum": [ + "B" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU Family of the managed HSM Pool" + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Standard_B1", + "Custom_B32" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU of the managed HSM Pool." + } + }, + "required": [ + "family", + "name" + ], + "description": "SKU details" + }, + "managedHSMs_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "location": { + "type": "string", + "description": "The supported Azure location where the managed HSM Pool should be created." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the managed hsm pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmSku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags" + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" + }, + "MHSMIPRule": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." + } + }, + "required": [ + "value" + ], + "description": "A rule governing the accessibility of a managed hsm pool from a specific ip address or ip range." + }, + "MHSMNetworkRuleSet": { + "type": "object", + "properties": { + "bypass": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AzureServices", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." + }, + "defaultAction": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Allow", + "Deny" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." + }, + "ipRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/MHSMIPRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of IP address rules." + }, + "virtualNetworkRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/MHSMVirtualNetworkRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of virtual network rules." + } + }, + "description": "A set of rules governing the network accessibility of a managed hsm pool." + }, + "MHSMPrivateEndpoint": { + "type": "object", + "properties": {}, + "description": "Private endpoint object properties." + }, + "MHSMPrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Private endpoint object properties." + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateLinkServiceConnectionState" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An object that represents the approval state of the private link connection." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "Creating", + "Updating", + "Deleting", + "Failed", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Provisioning state of the private endpoint connection." + } + }, + "description": "Properties of the private endpoint connection resource." + }, + "MHSMPrivateLinkServiceConnectionState": { + "type": "object", + "properties": { + "actionsRequired": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A message indicating if changes on the service provider require any updates on the consumer." + }, + "description": { + "type": "string", + "description": "The reason for approval or rejection." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." + } + }, + "description": "An object that represents the approval state of the private link connection." + }, + "MHSMVirtualNetworkRule": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." + } + }, + "required": [ + "id" + ], + "description": "A rule governing the accessibility of a managed hsm pool from a specific virtual network." + }, + "NetworkRuleSet": { + "type": "object", + "properties": { + "bypass": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AzureServices", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." + }, + "defaultAction": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Allow", + "Deny" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." + }, + "ipRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/IPRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of IP address rules." + }, + "virtualNetworkRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/VirtualNetworkRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of virtual network rules." + } + }, + "description": "A set of rules governing the network accessibility of a vault." + }, + "Permissions": { + "type": "object", + "properties": { + "certificates": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "get", + "list", + "delete", + "create", + "import", + "update", + "managecontacts", + "getissuers", + "listissuers", + "setissuers", + "deleteissuers", + "manageissuers", + "recover", + "purge", + "backup", + "restore" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to certificates" + }, + "keys": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "encrypt", + "decrypt", + "wrapKey", + "unwrapKey", + "sign", + "verify", + "get", + "list", + "create", + "update", + "import", + "delete", + "backup", + "restore", + "recover", + "purge", + "release" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to keys" + }, + "secrets": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "get", + "list", + "set", + "delete", + "backup", + "restore", + "recover", + "purge" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to secrets" + }, + "storage": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "get", + "list", + "delete", + "set", + "update", + "regeneratekey", + "recover", + "purge", + "backup", + "restore", + "setsas", + "listsas", + "getsas", + "deletesas" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to storage accounts" + } + }, + "description": "Permissions the identity has for keys, secrets, certificates and storage." + }, + "PrivateEndpoint": { + "type": "object", + "properties": {}, + "description": "Private endpoint object properties." + }, + "PrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Private endpoint object properties." + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateLinkServiceConnectionState" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An object that represents the approval state of the private link connection." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "Creating", + "Updating", + "Deleting", + "Failed", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Provisioning state of the private endpoint connection." + } + }, + "description": "Properties of the private endpoint connection resource." + }, + "PrivateLinkServiceConnectionState": { + "type": "object", + "properties": { + "actionsRequired": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A message indicating if changes on the service provider require any updates on the consumer." + }, + "description": { + "type": "string", + "description": "The reason for approval or rejection." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." + } + }, + "description": "An object that represents the approval state of the private link connection." + }, + "RotationPolicy": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/KeyRotationPolicyAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "lifetimeActions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/LifetimeAction" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The lifetimeActions for key rotation action." + } + } + }, + "SecretAttributes": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether the object is enabled." + }, + "exp": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." + }, + "nbf": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Not before date in seconds since 1970-01-01T00:00:00Z." + } + }, + "description": "The secret management attributes." + }, + "SecretProperties": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/SecretAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The secret management attributes." + }, + "contentType": { + "type": "string", + "description": "The content type of the secret." + }, + "value": { + "type": "string", + "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." + } + }, + "description": "Properties of the secret" + }, + "Sku": { + "type": "object", + "properties": { + "family": { + "oneOf": [ + { + "type": "string", + "enum": [ + "A" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU family name" + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "standard", + "premium" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." + } + }, + "required": [ + "family", + "name" + ], + "description": "SKU details" + }, + "SystemData": { + "type": "object", + "properties": { + "createdAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of the key vault resource creation (UTC)." + }, + "createdBy": { + "type": "string", + "description": "The identity that created the key vault resource." + }, + "createdByType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of identity that created the key vault resource." + }, + "lastModifiedAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of the key vault resource last modification (UTC)." + }, + "lastModifiedBy": { + "type": "string", + "description": "The identity that last modified the key vault resource." + }, + "lastModifiedByType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of identity that last modified the key vault resource." + } + }, + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "Trigger": { + "type": "object", + "properties": { + "timeAfterCreate": { + "type": "string", + "description": "The time duration after key creation to rotate the key. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'." + }, + "timeBeforeExpiry": { + "type": "string", + "description": "The time duration before key expiring to rotate the key. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'." + } + } + }, + "VaultAccessPolicyProperties": { + "type": "object", + "properties": { + "accessPolicies": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessPolicyEntry" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." + } + }, + "required": [ + "accessPolicies" + ], + "description": "Properties of the vault access policy" + }, + "VaultProperties": { + "type": "object", + "properties": { + "accessPolicies": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessPolicyEntry" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required." + }, + "createMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "recover", + "default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The vault's create mode to indicate whether the vault need to be recovered or not." + }, + "enabledForDeployment": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." + }, + "enabledForDiskEncryption": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." + }, + "enabledForTemplateDeployment": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." + }, + "enablePurgeProtection": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." + }, + "enableRbacAuthorization": { + "oneOf": [ + { + "type": "boolean", + "default": false + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC." + }, + "enableSoftDelete": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false." + }, + "networkAcls": { + "oneOf": [ + { + "$ref": "#/definitions/NetworkRuleSet" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A set of rules governing the network accessibility of a vault." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "RegisteringDns" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Provisioning state of the vault." + }, + "publicNetworkAccess": { + "type": "string", + "default": "enabled", + "description": "Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "softDeleteRetentionInDays": { + "oneOf": [ + { + "type": "integer", + "default": "90" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "softDelete data retention days. It accepts >=7 and <=90." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." + }, + "vaultUri": { + "type": "string", + "description": "The URI of the vault for performing operations on keys and secrets." + } + }, + "required": [ + "sku", + "tenantId" + ], + "description": "Properties of the vault" + }, + "vaults_accessPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "add", + "replace", + "remove" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the operation." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VaultAccessPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the vault access policy" + }, + "type": { + "type": "string", + "enum": [ + "accessPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/accessPolicies" + }, + "vaults_keys_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the key to be created." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/KeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the key." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key." + }, + "type": { + "type": "string", + "enum": [ + "keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/keys" + }, + "vaults_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the key vault." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" + }, + "vaults_secrets_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the secret" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecretProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the secret" + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the secret. " + }, + "type": { + "type": "string", + "enum": [ + "secrets" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/secrets" + }, + "VirtualNetworkRule": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." + }, + "ignoreMissingVnetServiceEndpoint": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured." + } + }, + "required": [ + "id" + ], + "description": "A rule governing the accessibility of a vault from a specific virtual network." + } + } +} \ No newline at end of file diff --git a/schemas/2021-06-01-preview/Microsoft.Synapse.json b/schemas/2021-06-01-preview/Microsoft.Synapse.json index 135fdd7930..e590d80a35 100644 --- a/schemas/2021-06-01-preview/Microsoft.Synapse.json +++ b/schemas/2021-06-01-preview/Microsoft.Synapse.json @@ -118,9 +118,6 @@ { "$ref": "#/definitions/workspaces_keys_childResource" }, - { - "$ref": "#/definitions/workspaces_kustoPools_childResource" - }, { "$ref": "#/definitions/workspaces_privateEndpointConnections_childResource" }, @@ -150,6 +147,9 @@ }, { "$ref": "#/definitions/workspaces_managedIdentitySqlControlSettings_childResource" + }, + { + "$ref": "#/definitions/workspaces_kustoPools_childResource" } ] } @@ -2202,13 +2202,13 @@ "sparkConfigProperties": { "oneOf": [ { - "$ref": "#/definitions/LibraryRequirements" + "$ref": "#/definitions/SparkConfigProperties" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Library requirements for a Big Data pool powered by Apache Spark" + "description": "SparkConfig Properties for a Big Data pool powered by Apache Spark" }, "sparkEventsFolder": { "type": "string", @@ -3696,6 +3696,10 @@ "type": "string", "description": "The name of the subnet this integration runtime will join." }, + "subnetId": { + "type": "string", + "description": "The ID of subnet, to which this Azure-SSIS integration runtime will be joined." + }, "vNetId": { "type": "string", "description": "The ID of the VNet that this integration runtime will join." @@ -4961,6 +4965,35 @@ }, "description": "SQL pool SKU" }, + "SparkConfigProperties": { + "type": "object", + "properties": { + "configurationType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "File", + "Artifact" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the spark config properties file." + }, + "content": { + "type": "string", + "description": "The spark config properties." + }, + "filename": { + "type": "string", + "description": "The filename of the spark config properties file." + } + }, + "description": "SparkConfig Properties for a Big Data pool powered by Apache Spark" + }, "SqlPoolBlobAuditingPolicyProperties": { "type": "object", "properties": { diff --git a/schemas/2021-06-01/Microsoft.Authorization.Resources.json b/schemas/2021-06-01/Microsoft.Authorization.Resources.json new file mode 100644 index 0000000000..521ac3d794 --- /dev/null +++ b/schemas/2021-06-01/Microsoft.Authorization.Resources.json @@ -0,0 +1,642 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "subscription_resourceDefinitions": { + "policyDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the policy definition to create." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PolicyDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy definition properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/policyDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/policyDefinitions" + }, + "policySetDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the policy set definition to create." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PolicySetDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy set definition properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/policySetDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/policySetDefinitions" + } + }, + "managementGroup_resourceDefinitions": { + "policyDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the policy definition to create." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PolicyDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy definition properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/policyDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/policyDefinitions" + }, + "policySetDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the policy set definition to create." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PolicySetDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy set definition properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/policySetDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/policySetDefinitions" + } + }, + "unknown_resourceDefinitions": { + "policyAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/Identity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity." + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "name": { + "type": "string", + "description": "The name of the policy assignment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PolicyAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/policyAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/policyAssignments" + } + }, + "definitions": { + "Identity": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SystemAssigned", + "UserAssigned", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource." + }, + "userAssignedIdentities": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/UserAssignedIdentitiesValue" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'." + } + }, + "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity." + }, + "NonComplianceMessage": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment." + } + }, + "required": [ + "message" + ], + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "ParameterDefinitionsValue": { + "type": "object", + "properties": { + "allowedValues": { + "oneOf": [ + { + "type": "array", + "items": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The allowed values for the parameter." + }, + "defaultValue": { + "description": "The default value for the parameter if no value is provided." + }, + "metadata": { + "oneOf": [ + { + "$ref": "#/definitions/ParameterDefinitionsValueMetadata" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "General metadata for the parameter." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "String", + "Array", + "Object", + "Boolean", + "Integer", + "Float", + "DateTime" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The data type of the parameter." + } + }, + "description": "The definition of a parameter that can be provided to the policy." + }, + "ParameterDefinitionsValueMetadata": { + "type": "object", + "properties": { + "additionalProperties": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": {} + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Unmatched properties from the message are deserialized this collection" + }, + "assignPermissions": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." + }, + "description": { + "type": "string", + "description": "The description of the parameter." + }, + "displayName": { + "type": "string", + "description": "The display name for the parameter." + }, + "strongType": { + "type": "string", + "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." + } + }, + "description": "General metadata for the parameter." + }, + "ParameterValuesValue": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": {}, + "description": "The value of the parameter." + } + }, + "description": "The value of a parameter." + }, + "PolicyAssignmentProperties": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "This message will be part of response in case of policy violation." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy assignment." + }, + "enforcementMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default", + "DoNotEnforce" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy assignment enforcement mode. Possible values are Default and DoNotEnforce." + }, + "metadata": { + "type": "object", + "properties": {}, + "description": "The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "nonComplianceMessages": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/NonComplianceMessage" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The messages that describe why a resource is non-compliant with the policy." + }, + "notScopes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy's excluded scopes." + }, + "parameters": { + "description": "The parameter values for the policy rule. The keys are the parameter names." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition being assigned." + } + }, + "description": "The policy assignment properties." + }, + "PolicyDefinitionGroup": { + "type": "object", + "properties": { + "additionalMetadataId": { + "type": "string", + "description": "A resource ID of a resource that contains additional metadata about the group." + }, + "category": { + "type": "string", + "description": "The group's category." + }, + "description": { + "type": "string", + "description": "The group's description." + }, + "displayName": { + "type": "string", + "description": "The group's display name." + }, + "name": { + "type": "string", + "description": "The name of the group." + } + }, + "required": [ + "name" + ], + "description": "The policy definition group." + }, + "PolicyDefinitionProperties": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The policy definition description." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "metadata": { + "type": "object", + "properties": {}, + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "mode": { + "type": "string", + "default": "Indexed", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data." + }, + "parameters": { + "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names." + }, + "policyRule": { + "type": "object", + "properties": {}, + "description": "The policy rule." + }, + "policyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + } + }, + "description": "The policy definition properties." + }, + "PolicyDefinitionReference": { + "type": "object", + "properties": { + "groupNames": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the groups that this policy definition reference belongs to." + }, + "parameters": { + "description": "The parameter values for the policy rule. The keys are the parameter names." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "A unique id (within the policy set definition) for this policy definition reference." + } + }, + "required": [ + "policyDefinitionId" + ], + "description": "The policy definition reference." + }, + "PolicySetDefinitionProperties": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "metadata": { + "type": "object", + "properties": {}, + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names." + }, + "policyDefinitionGroups": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The metadata describing groups of policy definition references within the policy set definition." + }, + "policyDefinitions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An array of policy definition references." + }, + "policyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + } + }, + "required": [ + "policyDefinitions" + ], + "description": "The policy set definition properties." + }, + "UserAssignedIdentitiesValue": { + "type": "object", + "properties": {} + } + } +} \ No newline at end of file diff --git a/schemas/2021-06-01/Microsoft.Security.json b/schemas/2021-06-01/Microsoft.Security.json index 3ddcef0580..8324cd740c 100644 --- a/schemas/2021-06-01/Microsoft.Security.json +++ b/schemas/2021-06-01/Microsoft.Security.json @@ -5,45 +5,6 @@ "description": "Microsoft Security Resource Types", "resourceDefinitions": {}, "subscription_resourceDefinitions": { - "assessmentMetadata": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-06-01" - ] - }, - "name": { - "type": "string", - "description": "The Assessment Key - Unique key for the assessment type" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecurityAssessmentMetadataProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Describes properties of an assessment metadata." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Security/assessmentMetadata" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.Security/assessmentMetadata" - }, "settings": { "type": "object", "oneOf": [ @@ -92,47 +53,6 @@ "description": "Microsoft.Security/settings" } }, - "unknown_resourceDefinitions": { - "assessments": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-06-01" - ] - }, - "name": { - "type": "string", - "description": "The Assessment Key - Unique key for the assessment type" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecurityAssessmentProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Describes properties of an assessment." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Security/assessments" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.Security/assessments" - } - }, "definitions": { "AlertSyncSettingProperties": { "type": "object", @@ -180,59 +100,6 @@ ], "description": "Represents an alert sync setting" }, - "AssessmentLinks": { - "type": "object", - "properties": {}, - "description": "Links relevant to the assessment" - }, - "AssessmentStatus": { - "type": "object", - "properties": { - "cause": { - "type": "string", - "description": "Programmatic code for the cause of the assessment status" - }, - "code": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Healthy", - "Unhealthy", - "NotApplicable" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Programmatic code for the status of the assessment." - }, - "description": { - "type": "string", - "description": "Human readable description of the assessment status" - } - }, - "required": [ - "code" - ], - "description": "The result of the assessment" - }, - "AzureResourceDetails": { - "type": "object", - "properties": { - "source": { - "type": "string", - "enum": [ - "Azure" - ] - } - }, - "required": [ - "source" - ], - "description": "Details of the Azure resource that was assessed" - }, "DataExportSettingProperties": { "type": "object", "properties": { @@ -278,357 +145,6 @@ "kind" ], "description": "Represents a data export setting" - }, - "OnPremiseResourceDetails": { - "type": "object", - "oneOf": [ - { - "$ref": "#/definitions/OnPremiseSqlResourceDetails" - } - ], - "properties": { - "machineName": { - "type": "string", - "description": "The name of the machine" - }, - "source": { - "type": "string", - "enum": [ - "OnPremise" - ] - }, - "sourceComputerId": { - "type": "string", - "description": "The oms agent Id installed on the machine" - }, - "vmuuid": { - "type": "string", - "description": "The unique Id of the machine" - }, - "workspaceId": { - "type": "string", - "description": "Azure resource Id of the workspace the machine is attached to" - } - }, - "required": [ - "machineName", - "source", - "sourceComputerId", - "vmuuid", - "workspaceId" - ], - "description": "Details of the On Premise resource that was assessed" - }, - "OnPremiseSqlResourceDetails": { - "type": "object", - "properties": { - "databaseName": { - "type": "string", - "description": "The Sql database name installed on the machine" - }, - "serverName": { - "type": "string", - "description": "The Sql server name installed on the machine" - }, - "source": { - "type": "string", - "enum": [ - "OnPremiseSql" - ] - } - }, - "required": [ - "databaseName", - "serverName", - "source" - ], - "description": "Details of the On Premise Sql resource that was assessed" - }, - "ResourceDetails": { - "type": "object", - "oneOf": [ - { - "$ref": "#/definitions/AzureResourceDetails" - }, - { - "$ref": "#/definitions/OnPremiseResourceDetails" - } - ], - "properties": {}, - "description": "Details of the resource that was assessed" - }, - "SecurityAssessmentMetadataPartnerData": { - "type": "object", - "properties": { - "partnerName": { - "type": "string", - "description": "Name of the company of the partner" - }, - "productName": { - "type": "string", - "description": "Name of the product of the partner that created the assessment" - }, - "secret": { - "type": "string", - "description": "Secret to authenticate the partner and verify it created the assessment - write only" - } - }, - "required": [ - "partnerName", - "secret" - ], - "description": "Describes the partner that created the assessment" - }, - "SecurityAssessmentMetadataProperties": { - "type": "object", - "properties": { - "assessmentType": { - "oneOf": [ - { - "type": "string", - "enum": [ - "BuiltIn", - "CustomPolicy", - "CustomerManaged", - "VerifiedPartner" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition." - }, - "categories": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "Compute", - "Networking", - "Data", - "IdentityAndAccess", - "IoT" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ] - }, - "description": { - "type": "string", - "description": "Human readable description of the assessment" - }, - "displayName": { - "type": "string", - "description": "User friendly display name of the assessment" - }, - "implementationEffort": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Low", - "Moderate", - "High" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The implementation effort required to remediate this assessment." - }, - "partnerData": { - "oneOf": [ - { - "$ref": "#/definitions/SecurityAssessmentMetadataPartnerData" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Describes the partner that created the assessment" - }, - "preview": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "True if this assessment is in preview release status" - }, - "remediationDescription": { - "type": "string", - "description": "Human readable description of what you should do to mitigate this security issue" - }, - "severity": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Low", - "Medium", - "High" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The severity level of the assessment." - }, - "threats": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "accountBreach", - "dataExfiltration", - "dataSpillage", - "maliciousInsider", - "elevationOfPrivilege", - "threatResistance", - "missingCoverage", - "denialOfService" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ] - }, - "userImpact": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Low", - "Moderate", - "High" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The user impact of the assessment." - } - }, - "required": [ - "assessmentType", - "displayName", - "severity" - ], - "description": "Describes properties of an assessment metadata." - }, - "SecurityAssessmentPartnerData": { - "type": "object", - "properties": { - "partnerName": { - "type": "string", - "description": "Name of the company of the partner" - }, - "secret": { - "type": "string", - "description": "secret to authenticate the partner - write only" - } - }, - "required": [ - "partnerName", - "secret" - ], - "description": "Data regarding 3rd party partner integration" - }, - "SecurityAssessmentProperties": { - "type": "object", - "properties": { - "additionalData": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Additional data regarding the assessment" - }, - "links": { - "oneOf": [ - { - "$ref": "#/definitions/AssessmentLinks" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Links relevant to the assessment" - }, - "metadata": { - "oneOf": [ - { - "$ref": "#/definitions/SecurityAssessmentMetadataProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Describes properties of an assessment metadata." - }, - "partnersData": { - "oneOf": [ - { - "$ref": "#/definitions/SecurityAssessmentPartnerData" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Data regarding 3rd party partner integration" - }, - "resourceDetails": { - "oneOf": [ - { - "$ref": "#/definitions/ResourceDetails" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Details of the resource that was assessed" - }, - "status": { - "oneOf": [ - { - "$ref": "#/definitions/AssessmentStatus" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The result of the assessment" - } - }, - "required": [ - "resourceDetails", - "status" - ], - "description": "Describes properties of an assessment." } } } \ No newline at end of file diff --git a/schemas/2021-06-01/Microsoft.ServiceFabric.json b/schemas/2021-06-01/Microsoft.ServiceFabric.json new file mode 100644 index 0000000000..d7f892d16a --- /dev/null +++ b/schemas/2021-06-01/Microsoft.ServiceFabric.json @@ -0,0 +1,2671 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.ServiceFabric.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.ServiceFabric", + "description": "Microsoft ServiceFabric Resource Types", + "resourceDefinitions": { + "clusters": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "location": { + "type": "string", + "description": "Azure resource location." + }, + "name": { + "type": "string", + "description": "The name of the cluster resource." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ClusterProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the cluster resource properties." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/clusters_applicationTypes_childResource" + }, + { + "$ref": "#/definitions/clusters_applications_childResource" + } + ] + } + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ServiceFabric/clusters" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters" + }, + "clusters_applications": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the managed identities for an Azure resource." + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The name of the application resource." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The application resource properties." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/clusters_applications_services_childResource" + } + ] + } + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ServiceFabric/clusters/applications" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applications" + }, + "clusters_applications_services": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The name of the service resource in the format of {applicationName}~{serviceName}." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServiceResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The service resource properties." + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ServiceFabric/clusters/applications/services" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applications/services" + }, + "clusters_applicationTypes": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The name of the application type name resource." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationTypeResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The application type name properties" + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/clusters_applicationTypes_versions_childResource" + } + ] + } + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ServiceFabric/clusters/applicationTypes" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applicationTypes" + }, + "clusters_applicationTypes_versions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The application type version." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationTypeVersionResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the application type version resource." + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ServiceFabric/clusters/applicationTypes/versions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applicationTypes/versions" + } + }, + "definitions": { + "ApplicationDeltaHealthPolicy": { + "type": "object", + "properties": { + "defaultServiceTypeDeltaHealthPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ServiceTypeDeltaHealthPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Represents the delta health policy used to evaluate the health of services belonging to a service type when upgrading the cluster.\n" + }, + "serviceTypeDeltaHealthPolicies": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ServiceTypeDeltaHealthPolicy" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defines a map that contains specific delta health policies for different service types.\nEach entry specifies as key the service type name and as value a ServiceTypeDeltaHealthPolicy used to evaluate the service health when upgrading the cluster.\nThe map is empty by default.\n" + } + }, + "description": "Defines a delta health policy used to evaluate the health of an application or one of its child entities when upgrading the cluster.\n" + }, + "ApplicationHealthPolicy": { + "type": "object", + "properties": { + "defaultServiceTypeHealthPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ServiceTypeHealthPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Represents the health policy used to evaluate the health of services belonging to a service type.\n" + }, + "serviceTypeHealthPolicies": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ServiceTypeHealthPolicy" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defines a ServiceTypeHealthPolicy per service type name.\n\nThe entries in the map replace the default service type health policy for each specified service type.\nFor example, in an application that contains both a stateless gateway service type and a stateful engine service type, the health policies for the stateless and stateful services can be configured differently.\nWith policy per service type, there's more granular control of the health of the service.\n\nIf no policy is specified for a service type name, the DefaultServiceTypeHealthPolicy is used for evaluation.\n" + } + }, + "description": "Defines a health policy used to evaluate the health of an application or one of its children entities.\n" + }, + "ApplicationMetricDescription": { + "type": "object", + "properties": { + "maximumCapacity": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum node capacity for Service Fabric application.\nThis is the maximum Load for an instance of this application on a single node. Even if the capacity of node is greater than this value, Service Fabric will limit the total load of services within the application on each node to this value.\nIf set to zero, capacity for this metric is unlimited on each node.\nWhen creating a new application with application capacity defined, the product of MaximumNodes and this value must always be smaller than or equal to TotalApplicationCapacity.\nWhen updating existing application with application capacity, the product of MaximumNodes and this value must always be smaller than or equal to TotalApplicationCapacity.\n" + }, + "name": { + "type": "string", + "description": "The name of the metric." + }, + "reservationCapacity": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The node reservation capacity for Service Fabric application.\nThis is the amount of load which is reserved on nodes which have instances of this application.\nIf MinimumNodes is specified, then the product of these values will be the capacity reserved in the cluster for the application.\nIf set to zero, no capacity is reserved for this metric.\nWhen setting application capacity or when updating application capacity; this value must be smaller than or equal to MaximumCapacity for each metric.\n" + }, + "totalApplicationCapacity": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The total metric capacity for Service Fabric application.\nThis is the total metric capacity for this application in the cluster. Service Fabric will try to limit the sum of loads of services within the application to this value.\nWhen creating a new application with application capacity defined, the product of MaximumNodes and MaximumCapacity must always be smaller than or equal to this value.\n" + } + }, + "description": "Describes capacity information for a custom resource balancing metric. This can be used to limit the total consumption of this metric by the services of this application.\n" + }, + "ApplicationResourceProperties": { + "type": "object", + "properties": { + "managedIdentities": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ApplicationUserAssignedIdentity" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of user assigned identities for the application, each mapped to a friendly name." + }, + "maximumNodes": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum number of nodes where Service Fabric will reserve capacity for this application. Note that this does not mean that the services of this application will be placed on all of those nodes. By default, the value of this property is zero and it means that the services can be placed on any node." + }, + "metrics": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ApplicationMetricDescription" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of application capacity metric description." + }, + "minimumNodes": { + "oneOf": [ + { + "type": "integer", + "minimum": 0 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The minimum number of nodes where Service Fabric will reserve capacity for this application. Note that this does not mean that the services of this application will be placed on all of those nodes. If this property is set to zero, no capacity will be reserved. The value of this property cannot be more than the value of the MaximumNodes property." + }, + "parameters": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of application parameters with overridden values from their default values specified in the application manifest." + }, + "removeApplicationCapacity": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Remove the current application capacity settings." + }, + "typeName": { + "type": "string", + "description": "The application type name as defined in the application manifest." + }, + "typeVersion": { + "type": "string", + "description": "The version of the application type as defined in the application manifest." + }, + "upgradePolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationUpgradePolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the policy for a monitored application upgrade." + } + }, + "description": "The application resource properties." + }, + "ApplicationTypeResourceProperties": { + "type": "object", + "properties": {}, + "description": "The application type name properties" + }, + "ApplicationTypeVersionResourceProperties": { + "type": "object", + "properties": { + "appPackageUrl": { + "type": "string", + "description": "The URL to the application package" + } + }, + "required": [ + "appPackageUrl" + ], + "description": "The properties of the application type version resource." + }, + "ApplicationTypeVersionsCleanupPolicy": { + "type": "object", + "properties": { + "maxUnusedVersionsToKeep": { + "oneOf": [ + { + "type": "integer", + "minimum": 0 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Number of unused versions per application type to keep." + } + }, + "required": [ + "maxUnusedVersionsToKeep" + ] + }, + "ApplicationUpgradePolicy": { + "type": "object", + "properties": { + "applicationHealthPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ArmApplicationHealthPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defines a health policy used to evaluate the health of an application or one of its children entities.\n" + }, + "forceRestart": { + "oneOf": [ + { + "type": "boolean", + "default": false + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data)." + }, + "recreateApplication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether the application should be recreated on update. If value=true, the rest of the upgrade policy parameters are not allowed and it will result in availability loss." + }, + "rollingUpgradeMonitoringPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ArmRollingUpgradeMonitoringPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy used for monitoring the application upgrade" + }, + "upgradeMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Invalid", + "UnmonitoredAuto", + "UnmonitoredManual", + "Monitored" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "upgradeReplicaSetCheckTimeout": { + "type": "string", + "description": "The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. Valid values are between 0 and 42949672925 inclusive. (unsigned 32-bit integer)." + } + }, + "description": "Describes the policy for a monitored application upgrade." + }, + "ApplicationUserAssignedIdentity": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The friendly name of user assigned identity." + }, + "principalId": { + "type": "string", + "description": "The principal id of user assigned identity." + } + }, + "required": [ + "name", + "principalId" + ] + }, + "ArmApplicationHealthPolicy": { + "type": "object", + "properties": { + "considerWarningAsError": { + "oneOf": [ + { + "type": "boolean", + "default": false + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether warnings are treated with the same severity as errors." + }, + "defaultServiceTypeHealthPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ArmServiceTypeHealthPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Represents the health policy used to evaluate the health of services belonging to a service type.\n" + }, + "maxPercentUnhealthyDeployedApplications": { + "oneOf": [ + { + "type": "integer", + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum allowed percentage of unhealthy deployed applications. Allowed values are Byte values from zero to 100.\nThe percentage represents the maximum tolerated percentage of deployed applications that can be unhealthy before the application is considered in error.\nThis is calculated by dividing the number of unhealthy deployed applications over the number of nodes where the application is currently deployed on in the cluster.\nThe computation rounds up to tolerate one failure on small numbers of nodes. Default percentage is zero.\n" + }, + "serviceTypeHealthPolicyMap": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ArmServiceTypeHealthPolicy" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defines a ServiceTypeHealthPolicy per service type name.\n\nThe entries in the map replace the default service type health policy for each specified service type.\nFor example, in an application that contains both a stateless gateway service type and a stateful engine service type, the health policies for the stateless and stateful services can be configured differently.\nWith policy per service type, there's more granular control of the health of the service.\n\nIf no policy is specified for a service type name, the DefaultServiceTypeHealthPolicy is used for evaluation.\n" + } + }, + "description": "Defines a health policy used to evaluate the health of an application or one of its children entities.\n" + }, + "ArmRollingUpgradeMonitoringPolicy": { + "type": "object", + "properties": { + "failureAction": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Rollback", + "Manual" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The activation Mode of the service package." + }, + "healthCheckRetryTimeout": { + "type": "string", + "default": "PT0H10M0S", + "description": "The amount of time to retry health evaluation when the application or cluster is unhealthy before FailureAction is executed. It is first interpreted as a string representing an ISO 8601 duration. If that fails, then it is interpreted as a number representing the total number of milliseconds." + }, + "healthCheckStableDuration": { + "type": "string", + "default": "PT0H2M0S", + "description": "The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. It is first interpreted as a string representing an ISO 8601 duration. If that fails, then it is interpreted as a number representing the total number of milliseconds." + }, + "healthCheckWaitDuration": { + "type": "string", + "default": "0", + "description": "The amount of time to wait after completing an upgrade domain before applying health policies. It is first interpreted as a string representing an ISO 8601 duration. If that fails, then it is interpreted as a number representing the total number of milliseconds." + }, + "upgradeDomainTimeout": { + "type": "string", + "default": "P10675199DT02H48M05.4775807S", + "description": "The amount of time each upgrade domain has to complete before FailureAction is executed. It is first interpreted as a string representing an ISO 8601 duration. If that fails, then it is interpreted as a number representing the total number of milliseconds." + }, + "upgradeTimeout": { + "type": "string", + "default": "P10675199DT02H48M05.4775807S", + "description": "The amount of time the overall upgrade has to complete before FailureAction is executed. It is first interpreted as a string representing an ISO 8601 duration. If that fails, then it is interpreted as a number representing the total number of milliseconds." + } + }, + "description": "The policy used for monitoring the application upgrade" + }, + "ArmServiceTypeHealthPolicy": { + "type": "object", + "properties": { + "maxPercentUnhealthyPartitionsPerService": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum percentage of partitions per service allowed to be unhealthy before your application is considered in error.\n" + }, + "maxPercentUnhealthyReplicasPerPartition": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum percentage of replicas per partition allowed to be unhealthy before your application is considered in error.\n" + }, + "maxPercentUnhealthyServices": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum percentage of services allowed to be unhealthy before your application is considered in error.\n" + } + }, + "description": "Represents the health policy used to evaluate the health of services belonging to a service type.\n" + }, + "AzureActiveDirectory": { + "type": "object", + "properties": { + "clientApplication": { + "type": "string", + "description": "Azure active directory client application id." + }, + "clusterApplication": { + "type": "string", + "description": "Azure active directory cluster application id." + }, + "tenantId": { + "type": "string", + "description": "Azure active directory tenant id." + } + }, + "description": "The settings to enable AAD authentication on the cluster." + }, + "CertificateDescription": { + "type": "object", + "properties": { + "thumbprint": { + "type": "string", + "description": "Thumbprint of the primary certificate." + }, + "thumbprintSecondary": { + "type": "string", + "description": "Thumbprint of the secondary certificate." + }, + "x509StoreName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AddressBook", + "AuthRoot", + "CertificateAuthority", + "Disallowed", + "My", + "Root", + "TrustedPeople", + "TrustedPublisher" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "required": [ + "thumbprint" + ], + "description": "Describes the certificate details." + }, + "ClientCertificateCommonName": { + "type": "object", + "properties": { + "certificateCommonName": { + "type": "string", + "description": "The common name of the client certificate." + }, + "certificateIssuerThumbprint": { + "type": "string", + "description": "The issuer thumbprint of the client certificate." + }, + "isAdmin": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster." + } + }, + "required": [ + "certificateCommonName", + "certificateIssuerThumbprint", + "isAdmin" + ], + "description": "Describes the client certificate details using common name." + }, + "ClientCertificateThumbprint": { + "type": "object", + "properties": { + "certificateThumbprint": { + "type": "string", + "description": "The thumbprint of the client certificate." + }, + "isAdmin": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster." + } + }, + "required": [ + "certificateThumbprint", + "isAdmin" + ], + "description": "Describes the client certificate details using thumbprint." + }, + "ClusterHealthPolicy": { + "type": "object", + "properties": { + "applicationHealthPolicies": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ApplicationHealthPolicy" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defines a map that contains specific application health policies for different applications.\nEach entry specifies as key the application name and as value an ApplicationHealthPolicy used to evaluate the application health.\nThe application name should include the 'fabric:' URI scheme.\nThe map is empty by default.\n" + }, + "maxPercentUnhealthyApplications": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10.\n\nThe percentage represents the maximum tolerated percentage of applications that can be unhealthy before the cluster is considered in error.\nIf the percentage is respected but there is at least one unhealthy application, the health is evaluated as Warning.\nThis is calculated by dividing the number of unhealthy applications over the total number of application instances in the cluster, excluding applications of application types that are included in the ApplicationTypeHealthPolicyMap.\nThe computation rounds up to tolerate one failure on small numbers of applications. Default percentage is zero.\n" + }, + "maxPercentUnhealthyNodes": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10.\n\nThe percentage represents the maximum tolerated percentage of nodes that can be unhealthy before the cluster is considered in error.\nIf the percentage is respected but there is at least one unhealthy node, the health is evaluated as Warning.\nThe percentage is calculated by dividing the number of unhealthy nodes over the total number of nodes in the cluster.\nThe computation rounds up to tolerate one failure on small numbers of nodes. Default percentage is zero.\n\nIn large clusters, some nodes will always be down or out for repairs, so this percentage should be configured to tolerate that.\n" + } + }, + "description": "Defines a health policy used to evaluate the health of the cluster or of a cluster node.\n" + }, + "ClusterProperties": { + "type": "object", + "properties": { + "addOnFeatures": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "RepairManager", + "DnsService", + "BackupRestoreService", + "ResourceMonitorService" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of add-on features to enable in the cluster." + }, + "applicationTypeVersionsCleanupPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationTypeVersionsCleanupPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "azureActiveDirectory": { + "oneOf": [ + { + "$ref": "#/definitions/AzureActiveDirectory" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The settings to enable AAD authentication on the cluster." + }, + "certificate": { + "oneOf": [ + { + "$ref": "#/definitions/CertificateDescription" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the certificate details." + }, + "certificateCommonNames": { + "oneOf": [ + { + "$ref": "#/definitions/ServerCertificateCommonNames" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes a list of server certificates referenced by common name that are used to secure the cluster." + }, + "clientCertificateCommonNames": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ClientCertificateCommonName" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of client certificates referenced by common name that are allowed to manage the cluster." + }, + "clientCertificateThumbprints": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ClientCertificateThumbprint" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of client certificates referenced by thumbprint that are allowed to manage the cluster." + }, + "clusterCodeVersion": { + "type": "string", + "description": "The Service Fabric runtime version of the cluster. This property can only by set the user when **upgradeMode** is set to 'Manual'. To get list of available Service Fabric versions for new clusters use [ClusterVersion API](./ClusterVersion.md). To get the list of available version for existing clusters use **availableClusterVersions**." + }, + "diagnosticsStorageAccountConfig": { + "oneOf": [ + { + "$ref": "#/definitions/DiagnosticsStorageAccountConfig" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The storage account information for storing Service Fabric diagnostic logs." + }, + "eventStoreServiceEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the event store service is enabled." + }, + "fabricSettings": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/SettingsSectionDescription" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of custom fabric settings to configure the cluster." + }, + "infrastructureServiceManager": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if infrastructure service manager is enabled." + }, + "managementEndpoint": { + "type": "string", + "description": "The http management endpoint of the cluster." + }, + "nodeTypes": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/NodeTypeDescription" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of node types in the cluster." + }, + "notifications": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Notification" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates a list of notification channels for cluster events." + }, + "reliabilityLevel": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None", + "Bronze", + "Silver", + "Gold", + "Platinum" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "reverseProxyCertificate": { + "oneOf": [ + { + "$ref": "#/definitions/CertificateDescription" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the certificate details." + }, + "reverseProxyCertificateCommonNames": { + "oneOf": [ + { + "$ref": "#/definitions/ServerCertificateCommonNames" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes a list of server certificates referenced by common name that are used to secure the cluster." + }, + "sfZonalUpgradeMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Parallel", + "Hierarchical" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "upgradeDescription": { + "oneOf": [ + { + "$ref": "#/definitions/ClusterUpgradePolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the policy used when upgrading the cluster." + }, + "upgradeMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Automatic", + "Manual" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "upgradePauseEndTimestampUtc": { + "type": "string", + "format": "date-time", + "description": "Indicates the end date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC)." + }, + "upgradePauseStartTimestampUtc": { + "type": "string", + "format": "date-time", + "description": "Indicates the start date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC)." + }, + "upgradeWave": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Wave0", + "Wave1", + "Wave2" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. Only applies when **upgradeMode** is set to 'Automatic'." + }, + "vmImage": { + "type": "string", + "description": "The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used." + }, + "vmssZonalUpgradeMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Parallel", + "Hierarchical" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "waveUpgradePaused": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Boolean to pause automatic runtime version upgrades to the cluster." + } + }, + "required": [ + "managementEndpoint", + "nodeTypes" + ], + "description": "Describes the cluster resource properties." + }, + "clusters_applications_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the managed identities for an Azure resource." + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The name of the application resource." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The application resource properties." + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "applications" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applications" + }, + "clusters_applications_services_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The name of the service resource in the format of {applicationName}~{serviceName}." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServiceResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The service resource properties." + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "services" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applications/services" + }, + "clusters_applicationTypes_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The name of the application type name resource." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationTypeResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The application type name properties" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "applicationTypes" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applicationTypes" + }, + "clusters_applicationTypes_versions_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "location": { + "type": "string", + "description": "It will be deprecated in New API, resource location depends on the parent resource." + }, + "name": { + "type": "string", + "description": "The application type version." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ApplicationTypeVersionResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the application type version resource." + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure resource tags." + }, + "type": { + "type": "string", + "enum": [ + "versions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ServiceFabric/clusters/applicationTypes/versions" + }, + "ClusterUpgradeDeltaHealthPolicy": { + "type": "object", + "properties": { + "applicationDeltaHealthPolicies": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ApplicationDeltaHealthPolicy" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defines a map that contains specific application delta health policies for different applications.\nEach entry specifies as key the application name and as value an ApplicationDeltaHealthPolicy used to evaluate the application health when upgrading the cluster.\nThe application name should include the 'fabric:' URI scheme.\nThe map is empty by default.\n" + }, + "maxPercentDeltaUnhealthyApplications": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum allowed percentage of applications health degradation allowed during cluster upgrades.\nThe delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation.\nThe check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this.\n" + }, + "maxPercentDeltaUnhealthyNodes": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum allowed percentage of nodes health degradation allowed during cluster upgrades.\nThe delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation.\nThe check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits.\n" + }, + "maxPercentUpgradeDomainDeltaUnhealthyNodes": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades.\nThe delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation.\nThe check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits.\n" + } + }, + "required": [ + "maxPercentDeltaUnhealthyApplications", + "maxPercentDeltaUnhealthyNodes", + "maxPercentUpgradeDomainDeltaUnhealthyNodes" + ], + "description": "Describes the delta health policies for the cluster upgrade." + }, + "ClusterUpgradePolicy": { + "type": "object", + "properties": { + "deltaHealthPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ClusterUpgradeDeltaHealthPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the delta health policies for the cluster upgrade." + }, + "forceRestart": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data)." + }, + "healthCheckRetryTimeout": { + "type": "string", + "description": "The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format." + }, + "healthCheckStableDuration": { + "type": "string", + "description": "The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format." + }, + "healthCheckWaitDuration": { + "type": "string", + "description": "The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format." + }, + "healthPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ClusterHealthPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defines a health policy used to evaluate the health of the cluster or of a cluster node.\n" + }, + "upgradeDomainTimeout": { + "type": "string", + "description": "The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format." + }, + "upgradeReplicaSetCheckTimeout": { + "type": "string", + "description": "The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format." + }, + "upgradeTimeout": { + "type": "string", + "description": "The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format." + } + }, + "required": [ + "healthCheckRetryTimeout", + "healthCheckStableDuration", + "healthCheckWaitDuration", + "healthPolicy", + "upgradeDomainTimeout", + "upgradeReplicaSetCheckTimeout", + "upgradeTimeout" + ], + "description": "Describes the policy used when upgrading the cluster." + }, + "DiagnosticsStorageAccountConfig": { + "type": "object", + "properties": { + "blobEndpoint": { + "type": "string", + "description": "The blob endpoint of the azure storage account." + }, + "protectedAccountKeyName": { + "type": "string", + "description": "The protected diagnostics storage key name." + }, + "protectedAccountKeyName2": { + "type": "string", + "description": "The protected diagnostics storage key name." + }, + "queueEndpoint": { + "type": "string", + "description": "The queue endpoint of the azure storage account." + }, + "storageAccountName": { + "type": "string", + "description": "The Azure storage account name." + }, + "tableEndpoint": { + "type": "string", + "description": "The table endpoint of the azure storage account." + } + }, + "required": [ + "blobEndpoint", + "protectedAccountKeyName", + "queueEndpoint", + "storageAccountName", + "tableEndpoint" + ], + "description": "The storage account information for storing Service Fabric diagnostic logs." + }, + "EndpointRangeDescription": { + "type": "object", + "properties": { + "endPort": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "End port of a range of ports" + }, + "startPort": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Starting port of a range of ports" + } + }, + "required": [ + "endPort", + "startPort" + ], + "description": "Port range details" + }, + "ManagedIdentity": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SystemAssigned", + "UserAssigned", + "SystemAssigned, UserAssigned", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "userAssignedIdentities": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/UserAssignedIdentity" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form:\n'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.\n" + } + }, + "description": "Describes the managed identities for an Azure resource." + }, + "NodeTypeDescription": { + "type": "object", + "properties": { + "applicationPorts": { + "oneOf": [ + { + "$ref": "#/definitions/EndpointRangeDescription" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Port range details" + }, + "capacities": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has." + }, + "clientConnectionEndpointPort": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The TCP cluster management endpoint port." + }, + "durabilityLevel": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Bronze", + "Silver", + "Gold" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "ephemeralPorts": { + "oneOf": [ + { + "$ref": "#/definitions/EndpointRangeDescription" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Port range details" + }, + "httpGatewayEndpointPort": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The HTTP cluster management endpoint port." + }, + "isPrimary": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters." + }, + "isStateless": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the node type can only host Stateless workloads." + }, + "multipleAvailabilityZones": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the node type is enabled to support multiple zones." + }, + "name": { + "type": "string", + "description": "The name of the node type." + }, + "placementProperties": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run." + }, + "reverseProxyEndpointPort": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The endpoint used by reverse proxy." + }, + "vmInstanceCount": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 2147483647 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "VMInstanceCount should be 1 to n, where n indicates the number of VM instances corresponding to this nodeType. VMInstanceCount = 0 can be done only in these scenarios: NodeType is a secondary nodeType. Durability = Bronze or Durability >= Bronze and InfrastructureServiceManager = true. If VMInstanceCount = 0, implies the VMs for this nodeType will not be used for the initial cluster size computation." + } + }, + "required": [ + "clientConnectionEndpointPort", + "httpGatewayEndpointPort", + "isPrimary", + "name", + "vmInstanceCount" + ], + "description": "Describes a node type in the cluster, each node type represents sub set of nodes in the cluster." + }, + "Notification": { + "type": "object", + "properties": { + "isEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the notification is enabled." + }, + "notificationCategory": { + "oneOf": [ + { + "type": "string", + "enum": [ + "WaveProgress" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The category of notification." + }, + "notificationLevel": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Critical", + "All" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The level of notification." + }, + "notificationTargets": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/NotificationTarget" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of targets that subscribe to the notification." + } + }, + "required": [ + "isEnabled", + "notificationCategory", + "notificationLevel", + "notificationTargets" + ], + "description": "Describes the notification channel for cluster events." + }, + "NotificationTarget": { + "type": "object", + "properties": { + "notificationChannel": { + "oneOf": [ + { + "type": "string", + "enum": [ + "EmailUser", + "EmailSubscription" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The notification channel indicates the type of receivers subscribed to the notification, either user or subscription." + }, + "receivers": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of targets that subscribe to the notification." + } + }, + "required": [ + "notificationChannel", + "receivers" + ], + "description": "Describes the notification target properties." + }, + "PartitionSchemeDescription": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/SingletonPartitionSchemeDescription" + } + ], + "properties": {}, + "description": "Describes how the service is partitioned." + }, + "ServerCertificateCommonName": { + "type": "object", + "properties": { + "certificateCommonName": { + "type": "string", + "description": "The common name of the server certificate." + }, + "certificateIssuerThumbprint": { + "type": "string", + "description": "The issuer thumbprint of the server certificate." + } + }, + "required": [ + "certificateCommonName", + "certificateIssuerThumbprint" + ], + "description": "Describes the server certificate details using common name." + }, + "ServerCertificateCommonNames": { + "type": "object", + "properties": { + "commonNames": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ServerCertificateCommonName" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of server certificates referenced by common name that are used to secure the cluster." + }, + "x509StoreName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AddressBook", + "AuthRoot", + "CertificateAuthority", + "Disallowed", + "My", + "Root", + "TrustedPeople", + "TrustedPublisher" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "Describes a list of server certificates referenced by common name that are used to secure the cluster." + }, + "ServiceCorrelationDescription": { + "type": "object", + "properties": { + "scheme": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Invalid", + "Affinity", + "AlignedAffinity", + "NonAlignedAffinity" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ServiceCorrelationScheme which describes the relationship between this service and the service specified via ServiceName." + }, + "serviceName": { + "type": "string", + "description": "The full name of the service with 'fabric:' URI scheme." + } + }, + "required": [ + "scheme", + "serviceName" + ], + "description": "Creates a particular correlation between services." + }, + "ServiceLoadMetricDescription": { + "type": "object", + "properties": { + "defaultLoad": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Used only for Stateless services. The default amount of load, as a number, that this service creates for this metric." + }, + "name": { + "type": "string", + "description": "The name of the metric. If the service chooses to report load during runtime, the load metric name should match the name that is specified in Name exactly. Note that metric names are case sensitive." + }, + "primaryDefaultLoad": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Used only for Stateful services. The default amount of load, as a number, that this service creates for this metric when it is a Primary replica." + }, + "secondaryDefaultLoad": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Used only for Stateful services. The default amount of load, as a number, that this service creates for this metric when it is a Secondary replica." + }, + "weight": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Zero", + "Low", + "Medium", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The service load metric relative weight, compared to other metrics configured for this service, as a number." + } + }, + "required": [ + "name" + ], + "description": "Specifies a metric to load balance a service during runtime." + }, + "ServicePlacementPolicyDescription": { + "type": "object", + "properties": {}, + "description": "Describes the policy to be used for placement of a Service Fabric service." + }, + "ServiceResourceProperties": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/StatefulServiceProperties" + }, + { + "$ref": "#/definitions/StatelessServiceProperties" + } + ], + "properties": { + "correlationScheme": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ServiceCorrelationDescription" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A list that describes the correlation of the service with other services." + }, + "defaultMoveCost": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Zero", + "Low", + "Medium", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "partitionDescription": { + "oneOf": [ + { + "$ref": "#/definitions/PartitionSchemeDescription" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes how the service is partitioned." + }, + "placementConstraints": { + "type": "string", + "description": "The placement constraints as a string. Placement constraints are boolean expressions on node properties and allow for restricting a service to particular nodes based on the service requirements. For example, to place a service on nodes where NodeType is blue specify the following: \"NodeColor == blue)\"." + }, + "serviceDnsName": { + "type": "string", + "description": "Dns name used for the service. If this is specified, then the service can be accessed via its DNS name instead of service name." + }, + "serviceLoadMetrics": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ServiceLoadMetricDescription" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The service load metrics is given as an array of ServiceLoadMetricDescription objects." + }, + "servicePackageActivationMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SharedProcess", + "ExclusiveProcess" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The activation Mode of the service package." + }, + "servicePlacementPolicies": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ServicePlacementPolicyDescription" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A list that describes the correlation of the service with other services." + }, + "serviceTypeName": { + "type": "string", + "description": "The name of the service type" + } + }, + "description": "The service resource properties." + }, + "ServiceTypeDeltaHealthPolicy": { + "type": "object", + "properties": { + "maxPercentDeltaUnhealthyServices": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum allowed percentage of services health degradation allowed during cluster upgrades.\nThe delta is measured between the state of the services at the beginning of upgrade and the state of the services at the time of the health evaluation.\nThe check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits.\n" + } + }, + "description": "Represents the delta health policy used to evaluate the health of services belonging to a service type when upgrading the cluster.\n" + }, + "ServiceTypeHealthPolicy": { + "type": "object", + "properties": { + "maxPercentUnhealthyServices": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum percentage of services allowed to be unhealthy before your application is considered in error.\n" + } + }, + "description": "Represents the health policy used to evaluate the health of services belonging to a service type.\n" + }, + "SettingsParameterDescription": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The parameter name of fabric setting." + }, + "value": { + "type": "string", + "description": "The parameter value of fabric setting." + } + }, + "required": [ + "name", + "value" + ], + "description": "Describes a parameter in fabric settings of the cluster." + }, + "SettingsSectionDescription": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The section name of the fabric settings." + }, + "parameters": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/SettingsParameterDescription" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The collection of parameters in the section." + } + }, + "required": [ + "name", + "parameters" + ], + "description": "Describes a section in the fabric settings of the cluster." + }, + "SingletonPartitionSchemeDescription": { + "type": "object", + "properties": { + "partitionScheme": { + "type": "string", + "enum": [ + "Singleton" + ] + } + }, + "required": [ + "partitionScheme" + ], + "description": "SingletonPartitionSchemeDescription" + }, + "StatefulServiceProperties": { + "type": "object", + "properties": { + "hasPersistedState": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A flag indicating whether this is a persistent service which stores states on the local disk. If it is then the value of this property is true, if not it is false." + }, + "minReplicaSetSize": { + "oneOf": [ + { + "type": "integer", + "minimum": 1 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The minimum replica set size as a number." + }, + "quorumLossWaitDuration": { + "type": "string", + "format": "date-time", + "description": "The maximum duration for which a partition is allowed to be in a state of quorum loss, represented in ISO 8601 format (hh:mm:ss.s)." + }, + "replicaRestartWaitDuration": { + "type": "string", + "format": "date-time", + "description": "The duration between when a replica goes down and when a new replica is created, represented in ISO 8601 format (hh:mm:ss.s)." + }, + "serviceKind": { + "type": "string", + "enum": [ + "Stateful" + ] + }, + "standByReplicaKeepDuration": { + "type": "string", + "format": "date-time", + "description": "The definition on how long StandBy replicas should be maintained before being removed, represented in ISO 8601 format (hh:mm:ss.s)." + }, + "targetReplicaSetSize": { + "oneOf": [ + { + "type": "integer", + "minimum": 1 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The target replica set size as a number." + } + }, + "required": [ + "serviceKind" + ], + "description": "The properties of a stateful service resource." + }, + "StatelessServiceProperties": { + "type": "object", + "properties": { + "instanceCloseDelayDuration": { + "type": "string", + "description": "Delay duration for RequestDrain feature to ensures that the endpoint advertised by the stateless instance is removed before the delay starts prior to closing the instance. This delay enables existing requests to drain gracefully before the instance actually goes down (https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-application-upgrade-advanced#avoid-connection-drops-during-stateless-service-planned-downtime-preview). It is first interpreted as a string representing an ISO 8601 duration. If that fails, then it is interpreted as a number representing the total number of milliseconds." + }, + "instanceCount": { + "oneOf": [ + { + "type": "integer", + "minimum": -1 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The instance count." + }, + "serviceKind": { + "type": "string", + "enum": [ + "Stateless" + ] + } + }, + "required": [ + "serviceKind" + ], + "description": "The properties of a stateless service resource." + }, + "SystemData": { + "type": "object", + "properties": { + "createdAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of resource creation (UTC)." + }, + "createdBy": { + "type": "string", + "description": "The identity that created the resource." + }, + "createdByType": { + "type": "string", + "description": "The type of identity that created the resource." + }, + "lastModifiedAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of resource last modification (UTC)." + }, + "lastModifiedBy": { + "type": "string", + "description": "The identity that last modified the resource." + }, + "lastModifiedByType": { + "type": "string", + "description": "The type of identity that last modified the resource." + } + }, + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "UserAssignedIdentity": { + "type": "object", + "properties": {} + } + } +} \ No newline at end of file diff --git a/schemas/2021-07-01-preview/Microsoft.Authorization.Authz.json b/schemas/2021-07-01-preview/Microsoft.Authorization.Authz.json new file mode 100644 index 0000000000..49fd107f91 --- /dev/null +++ b/schemas/2021-07-01-preview/Microsoft.Authorization.Authz.json @@ -0,0 +1,665 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-07-01-preview/Microsoft.Authorization.Authz.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "subscription_resourceDefinitions": { + "accessReviewScheduleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01-preview" + ] + }, + "backupReviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of backup reviewers." + }, + "descriptionForAdmins": { + "type": "string", + "description": "The description provided by the access review creator and visible to admins." + }, + "descriptionForReviewers": { + "type": "string", + "description": "The description provided by the access review creator to be shown to reviewers." + }, + "displayName": { + "type": "string", + "description": "The display name for the schedule definition." + }, + "instances": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewInstance" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of instances returned when one does an expand on it." + }, + "name": { + "type": "string", + "description": "The id of the access review schedule definition." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/accessReviewScheduleDefinitions_instances_childResource" + } + ] + } + }, + "reviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of reviewers." + }, + "settings": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewScheduleSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings of an Access Review." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleDefinitions" + }, + "accessReviewScheduleDefinitions_instances": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01-preview" + ] + }, + "backupReviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of backup reviewers." + }, + "endDateTime": { + "type": "string", + "description": "The DateTime when the review instance is scheduled to end." + }, + "name": { + "type": "string", + "description": "The id of the access review instance." + }, + "reviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of reviewers." + }, + "startDateTime": { + "type": "string", + "description": "The DateTime when the review instance is scheduled to be start." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleDefinitions/instances" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleDefinitions/instances" + }, + "accessReviewScheduleSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01-preview" + ] + }, + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." + }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." + }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "name": { + "type": "string", + "enum": [ + "default" + ] + }, + "recommendationLookBackDuration": { + "type": "string", + "description": "Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds))" + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleSettings" + } + }, + "definitions": { + "AccessReviewInstance": { + "type": "object", + "properties": { + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewInstanceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Access Review Instance properties." + } + }, + "description": "Access Review Instance." + }, + "AccessReviewInstanceProperties": { + "type": "object", + "properties": { + "backupReviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of backup reviewers." + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to end." + }, + "reviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of reviewers." + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to be start." + } + }, + "description": "Access Review Instance properties." + }, + "AccessReviewRecurrencePattern": { + "type": "object", + "properties": { + "interval": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "weekly", + "absoluteMonthly" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence type : weekly, monthly, etc." + } + }, + "description": "Recurrence Pattern of an Access Review Schedule Definition." + }, + "AccessReviewRecurrenceRange": { + "type": "object", + "properties": { + "endDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to end. Required if type is endDate" + }, + "numberOfOccurrences": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of times to repeat the access review. Required and must be positive if type is numbered." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "endDate", + "noEnd", + "numbered" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence range type. The possible values are: endDate, noEnd, numbered." + } + }, + "description": "Recurrence Range of an Access Review Schedule Definition." + }, + "AccessReviewRecurrenceSettings": { + "type": "object", + "properties": { + "pattern": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrencePattern" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Pattern of an Access Review Schedule Definition." + }, + "range": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceRange" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Range of an Access Review Schedule Definition." + } + }, + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "AccessReviewReviewer": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The id of the reviewer(user/servicePrincipal)" + } + }, + "description": "Descriptor for what needs to be reviewed" + }, + "accessReviewScheduleDefinitions_instances_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01-preview" + ] + }, + "backupReviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of backup reviewers." + }, + "endDateTime": { + "type": "string", + "description": "The DateTime when the review instance is scheduled to end." + }, + "name": { + "type": "string", + "description": "The id of the access review instance." + }, + "reviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of reviewers." + }, + "startDateTime": { + "type": "string", + "description": "The DateTime when the review instance is scheduled to be start." + }, + "type": { + "type": "string", + "enum": [ + "instances" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleDefinitions/instances" + }, + "AccessReviewScheduleSettings": { + "type": "object", + "properties": { + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." + }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." + }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "recommendationLookBackDuration": { + "type": "string", + "format": "duration", + "description": "Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds))" + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." + } + }, + "description": "Settings of an Access Review." + } + } +} \ No newline at end of file diff --git a/schemas/2021-07-01-preview/Microsoft.Security.json b/schemas/2021-07-01-preview/Microsoft.Security.json deleted file mode 100644 index 3cc7e77e41..0000000000 --- a/schemas/2021-07-01-preview/Microsoft.Security.json +++ /dev/null @@ -1,162 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2021-07-01-preview/Microsoft.Security.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.Security", - "description": "Microsoft Security Resource Types", - "resourceDefinitions": { - "securityConnectors": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-07-01-preview" - ] - }, - "etag": { - "type": "string", - "description": "Entity tag is used for comparing two or more entities from the same requested resource." - }, - "kind": { - "type": "string", - "description": "Kind of the resource" - }, - "location": { - "type": "string", - "description": "Location where the resource is stored" - }, - "name": { - "type": "string", - "description": "The security connector name." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecurityConnectorProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A set of properties that defines the security connector configuration." - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A list of key value pairs that describe the resource." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.Security/securityConnectors" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.Security/securityConnectors" - } - }, - "definitions": { - "CSPMMonitorAWSOffering": { - "type": "object", - "properties": { - "nativeCloudConnection": { - "oneOf": [ - { - "$ref": "#/definitions/CSPMMonitorAWSOfferingNativeCloudConnection" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The native cloud connection configuration" - }, - "offeringType": { - "type": "string", - "enum": [ - "CSPMMonitorAWS" - ] - } - }, - "required": [ - "offeringType" - ], - "description": "The CSPM monitoring for AWS offering configurations" - }, - "CSPMMonitorAWSOfferingNativeCloudConnection": { - "type": "object", - "properties": { - "cloudRoleArn": { - "type": "string", - "description": "The cloud role ARN in AWS for this feature" - } - }, - "description": "The native cloud connection configuration" - }, - "MultiCloudOffering": { - "type": "object", - "oneOf": [ - { - "$ref": "#/definitions/CSPMMonitorAWSOffering" - } - ], - "properties": {}, - "description": "The security offering details" - }, - "SecurityConnectorProperties": { - "type": "object", - "properties": { - "hierarchyId": { - "type": "string", - "description": "The multi cloud resource identifier (account id in case of AWS connector)." - }, - "multiCloudName": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Azure", - "AWS", - "GCP" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The multi cloud resource's cloud name." - }, - "offerings": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/MultiCloudOffering" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A collection of offerings for the security connector." - } - }, - "description": "A set of properties that defines the security connector configuration." - } - } -} \ No newline at end of file diff --git a/schemas/2021-07-01/Microsoft.ContainerService.json b/schemas/2021-07-01/Microsoft.ContainerService.json new file mode 100644 index 0000000000..2c76e269a9 --- /dev/null +++ b/schemas/2021-07-01/Microsoft.ContainerService.json @@ -0,0 +1,3120 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.ContainerService.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.ContainerService", + "description": "Microsoft ContainerService Resource Types", + "resourceDefinitions": { + "managedClusters": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "extendedLocation": { + "oneOf": [ + { + "$ref": "#/definitions/ExtendedLocation" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The complex type of the extended location." + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity for the managed cluster." + }, + "location": { + "type": "string", + "description": "Resource location" + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$", + "minLength": 1, + "maxLength": 63 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the managed cluster resource." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the managed cluster." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/managedClusters_maintenanceConfigurations_childResource" + }, + { + "$ref": "#/definitions/managedClusters_agentPools_childResource" + }, + { + "$ref": "#/definitions/managedClusters_privateEndpointConnections_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterSKU" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The SKU of a Managed Cluster." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ContainerService/managedClusters" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.ContainerService/managedClusters" + }, + "managedClusters_agentPools": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the agent pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterAgentPoolProfileProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for the container service agent pool profile." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ContainerService/managedClusters/agentPools" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ContainerService/managedClusters/agentPools" + }, + "managedClusters_maintenanceConfigurations": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the maintenance configuration." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MaintenanceConfigurationProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties used to configure planned maintenance for a Managed Cluster." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ContainerService/managedClusters/maintenanceConfigurations" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ContainerService/managedClusters/maintenanceConfigurations" + }, + "managedClusters_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ContainerService/managedClusters/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ContainerService/managedClusters/privateEndpointConnections" + } + }, + "definitions": { + "AgentPoolUpgradeSettings": { + "type": "object", + "properties": { + "maxSurge": { + "type": "string", + "description": "This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade" + } + }, + "description": "Settings for upgrading an agentpool" + }, + "ContainerServiceLinuxProfile": { + "type": "object", + "properties": { + "adminUsername": { + "oneOf": [ + { + "type": "string", + "pattern": "^[A-Za-z][-A-Za-z0-9_]*$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The administrator username to use for Linux VMs." + }, + "ssh": { + "oneOf": [ + { + "$ref": "#/definitions/ContainerServiceSshConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SSH configuration for Linux-based VMs running on Azure." + } + }, + "required": [ + "adminUsername", + "ssh" + ], + "description": "Profile for Linux VMs in the container service cluster." + }, + "ContainerServiceNetworkProfile": { + "type": "object", + "properties": { + "dnsServiceIP": { + "oneOf": [ + { + "type": "string", + "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", + "default": "10.0.0.10" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr." + }, + "dockerBridgeCidr": { + "oneOf": [ + { + "type": "string", + "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$", + "default": "172.17.0.1/16" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range." + }, + "loadBalancerProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterLoadBalancerProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Profile of the managed cluster load balancer." + }, + "loadBalancerSku": { + "oneOf": [ + { + "type": "string", + "enum": [ + "standard", + "basic" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The default is 'standard'. See [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load balancer SKUs." + }, + "natGatewayProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterNATGatewayProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Profile of the managed cluster NAT gateway." + }, + "networkMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "transparent", + "bridge" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This cannot be specified if networkPlugin is anything other than 'azure'." + }, + "networkPlugin": { + "oneOf": [ + { + "type": "string", + "enum": [ + "azure", + "kubenet" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Network plugin used for building the Kubernetes network." + }, + "networkPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "calico", + "azure" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Network policy used for building the Kubernetes network." + }, + "outboundType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "loadBalancer", + "userDefinedRouting", + "managedNATGateway", + "userAssignedNATGateway" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This can only be set at cluster creation time and cannot be changed later. For more information see [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype)." + }, + "podCidr": { + "oneOf": [ + { + "type": "string", + "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$", + "default": "10.244.0.0/16" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A CIDR notation IP range from which to assign pod IPs when kubenet is used." + }, + "serviceCidr": { + "oneOf": [ + { + "type": "string", + "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$", + "default": "10.0.0.0/16" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges." + } + }, + "description": "Profile of network configuration." + }, + "ContainerServiceSshConfiguration": { + "type": "object", + "properties": { + "publicKeys": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ContainerServiceSshPublicKey" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified." + } + }, + "required": [ + "publicKeys" + ], + "description": "SSH configuration for Linux-based VMs running on Azure." + }, + "ContainerServiceSshPublicKey": { + "type": "object", + "properties": { + "keyData": { + "type": "string", + "description": "Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers." + } + }, + "required": [ + "keyData" + ], + "description": "Contains information about SSH certificate public key data." + }, + "ExtendedLocation": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the extended location." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "EdgeZone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the extended location." + } + }, + "description": "The complex type of the extended location." + }, + "KubeletConfig": { + "type": "object", + "properties": { + "allowedUnsafeSysctls": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`)." + }, + "containerLogMaxFiles": { + "oneOf": [ + { + "type": "integer", + "minimum": 2 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum number of container log files that can be present for a container. The number must be ≥ 2." + }, + "containerLogMaxSizeMB": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum size (e.g. 10Mi) of container log file before it is rotated." + }, + "cpuCfsQuota": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The default is true." + }, + "cpuCfsQuotaPeriod": { + "type": "string", + "description": "The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'." + }, + "cpuManagerPolicy": { + "type": "string", + "description": "The default is 'none'. See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more information. Allowed values are 'none' and 'static'." + }, + "failSwapOn": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If set to true it will make the Kubelet fail to start if swap is enabled on the node." + }, + "imageGcHighThreshold": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "To disable image garbage collection, set to 100. The default is 85%" + }, + "imageGcLowThreshold": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This cannot be set higher than imageGcHighThreshold. The default is 80%" + }, + "podMaxPids": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum number of processes per pod." + }, + "topologyManagerPolicy": { + "type": "string", + "description": "For more information see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'." + } + }, + "description": "See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details." + }, + "LinuxOSConfig": { + "type": "object", + "properties": { + "swapFileSizeMB": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The size in MB of a swap file that will be created on each node." + }, + "sysctls": { + "oneOf": [ + { + "$ref": "#/definitions/SysctlConfig" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl settings for Linux agent nodes." + }, + "transparentHugePageDefrag": { + "type": "string", + "description": "Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge)." + }, + "transparentHugePageEnabled": { + "type": "string", + "description": "Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge)." + } + }, + "description": "See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details." + }, + "MaintenanceConfigurationProperties": { + "type": "object", + "properties": { + "notAllowedTime": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/TimeSpan" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Time slots on which upgrade is not allowed." + }, + "timeInWeek": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/TimeInWeek" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If two array entries specify the same day of the week, the applied configuration is the union of times in both entries." + } + }, + "description": "Properties used to configure planned maintenance for a Managed Cluster." + }, + "ManagedClusterAADProfile": { + "type": "object", + "properties": { + "adminGroupObjectIDs": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of AAD group object IDs that will have admin role of the cluster." + }, + "clientAppID": { + "type": "string", + "description": "The client AAD application ID." + }, + "enableAzureRBAC": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable Azure RBAC for Kubernetes authorization." + }, + "managed": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable managed AAD." + }, + "serverAppID": { + "type": "string", + "description": "The server AAD application ID." + }, + "serverAppSecret": { + "type": "string", + "description": "The server AAD application secret." + }, + "tenantID": { + "type": "string", + "description": "The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription." + } + }, + "description": "For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad)." + }, + "ManagedClusterAddonProfile": { + "type": "object", + "properties": { + "config": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Key-value pairs for configuring an add-on." + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether the add-on is enabled or not." + } + }, + "required": [ + "enabled" + ], + "description": "A Kubernetes add-on profile for a managed cluster." + }, + "ManagedClusterAgentPoolProfile": { + "type": "object", + "properties": { + "availabilityZones": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'." + }, + "count": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1." + }, + "enableAutoScaling": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable auto-scaler" + }, + "enableEncryptionAtHost": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption" + }, + "enableFIPS": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details." + }, + "enableNodePublicIP": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The default is false." + }, + "enableUltraSSD": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable UltraSSD" + }, + "gpuInstanceProfile": { + "oneOf": [ + { + "type": "string", + "enum": [ + "MIG1g", + "MIG2g", + "MIG3g", + "MIG4g", + "MIG7g" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU." + }, + "kubeletConfig": { + "oneOf": [ + { + "$ref": "#/definitions/KubeletConfig" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details." + }, + "kubeletDiskType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "OS", + "Temporary" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "linuxOSConfig": { + "oneOf": [ + { + "$ref": "#/definitions/LinuxOSConfig" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details." + }, + "maxCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum number of nodes for auto-scaling" + }, + "maxPods": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum number of pods that can run on a node." + }, + "minCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The minimum number of nodes for auto-scaling" + }, + "mode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "System", + "User" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-z][a-z0-9]{0,11}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Windows agent pool names must be 6 characters or less." + }, + "nodeLabels": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The node labels to be persisted across all nodes in agent pool." + }, + "nodePublicIPPrefixID": { + "type": "string", + "description": "This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}" + }, + "nodeTaints": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule." + }, + "orchestratorVersion": { + "type": "string", + "description": "As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool)." + }, + "osDiskSizeGB": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 2048 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified." + }, + "osDiskType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Managed", + "Ephemeral" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "osSKU": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Ubuntu", + "CBLMariner" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "osType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Linux", + "Windows" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "podSubnetID": { + "type": "string", + "description": "If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}" + }, + "proximityPlacementGroupID": { + "type": "string", + "description": "The ID for Proximity Placement Group." + }, + "scaleDownMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Delete", + "Deallocate" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete." + }, + "scaleSetEvictionPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Delete", + "Deallocate" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'." + }, + "scaleSetPriority": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Spot", + "Regular" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'." + }, + "spotMaxPrice": { + "oneOf": [ + { + "type": "number", + "default": -1 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)" + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags to be persisted on the agent pool virtual machine scale set." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "VirtualMachineScaleSets", + "AvailabilitySet" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "upgradeSettings": { + "oneOf": [ + { + "$ref": "#/definitions/AgentPoolUpgradeSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings for upgrading an agentpool" + }, + "vmSize": { + "type": "string", + "description": "VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions" + }, + "vnetSubnetID": { + "type": "string", + "description": "If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}" + } + }, + "required": [ + "name" + ], + "description": "Profile for the container service agent pool." + }, + "ManagedClusterAgentPoolProfileProperties": { + "type": "object", + "properties": { + "availabilityZones": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'." + }, + "count": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1." + }, + "enableAutoScaling": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable auto-scaler" + }, + "enableEncryptionAtHost": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption" + }, + "enableFIPS": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details." + }, + "enableNodePublicIP": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The default is false." + }, + "enableUltraSSD": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable UltraSSD" + }, + "gpuInstanceProfile": { + "oneOf": [ + { + "type": "string", + "enum": [ + "MIG1g", + "MIG2g", + "MIG3g", + "MIG4g", + "MIG7g" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU." + }, + "kubeletConfig": { + "oneOf": [ + { + "$ref": "#/definitions/KubeletConfig" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details." + }, + "kubeletDiskType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "OS", + "Temporary" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "linuxOSConfig": { + "oneOf": [ + { + "$ref": "#/definitions/LinuxOSConfig" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details." + }, + "maxCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum number of nodes for auto-scaling" + }, + "maxPods": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum number of pods that can run on a node." + }, + "minCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The minimum number of nodes for auto-scaling" + }, + "mode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "System", + "User" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "nodeLabels": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The node labels to be persisted across all nodes in agent pool." + }, + "nodePublicIPPrefixID": { + "type": "string", + "description": "This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}" + }, + "nodeTaints": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule." + }, + "orchestratorVersion": { + "type": "string", + "description": "As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool)." + }, + "osDiskSizeGB": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 2048 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified." + }, + "osDiskType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Managed", + "Ephemeral" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "osSKU": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Ubuntu", + "CBLMariner" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "osType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Linux", + "Windows" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "podSubnetID": { + "type": "string", + "description": "If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}" + }, + "proximityPlacementGroupID": { + "type": "string", + "description": "The ID for Proximity Placement Group." + }, + "scaleDownMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Delete", + "Deallocate" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete." + }, + "scaleSetEvictionPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Delete", + "Deallocate" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'." + }, + "scaleSetPriority": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Spot", + "Regular" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'." + }, + "spotMaxPrice": { + "oneOf": [ + { + "type": "number", + "default": -1 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)" + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags to be persisted on the agent pool virtual machine scale set." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "VirtualMachineScaleSets", + "AvailabilitySet" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "upgradeSettings": { + "oneOf": [ + { + "$ref": "#/definitions/AgentPoolUpgradeSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings for upgrading an agentpool" + }, + "vmSize": { + "type": "string", + "description": "VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions" + }, + "vnetSubnetID": { + "type": "string", + "description": "If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}" + } + }, + "description": "Properties for the container service agent pool profile." + }, + "ManagedClusterAPIServerAccessProfile": { + "type": "object", + "properties": { + "authorizedIPRanges": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges)." + }, + "enablePrivateCluster": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "For more details, see [Creating a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters)." + }, + "enablePrivateClusterPublicFQDN": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to create additional public FQDN for private cluster or not." + }, + "privateDNSZone": { + "type": "string", + "description": "The default is System. For more details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and 'none'." + } + }, + "description": "Access profile for managed cluster API server." + }, + "ManagedClusterAutoUpgradeProfile": { + "type": "object", + "properties": { + "upgradeChannel": { + "oneOf": [ + { + "type": "string", + "enum": [ + "rapid", + "stable", + "patch", + "node-image", + "none" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "For more information see [setting the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel)." + } + }, + "description": "Auto upgrade profile for a managed cluster." + }, + "ManagedClusterHTTPProxyConfig": { + "type": "object", + "properties": { + "httpProxy": { + "type": "string", + "description": "The HTTP proxy server endpoint to use." + }, + "httpsProxy": { + "type": "string", + "description": "The HTTPS proxy server endpoint to use." + }, + "noProxy": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The endpoints that should not go through proxy." + }, + "trustedCa": { + "type": "string", + "description": "Alternative CA cert to use for connecting to proxy servers." + } + }, + "description": "Cluster HTTP proxy configuration." + }, + "ManagedClusterIdentity": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SystemAssigned", + "UserAssigned", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "For more information see [use managed identities in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity)." + }, + "userAssignedIdentities": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ManagedServiceIdentityUserAssignedIdentitiesValue" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The keys must be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'." + } + }, + "description": "Identity for the managed cluster." + }, + "ManagedClusterLoadBalancerProfile": { + "type": "object", + "properties": { + "allocatedOutboundPorts": { + "oneOf": [ + { + "type": "integer", + "minimum": 0, + "maximum": 64000, + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports." + }, + "effectiveOutboundIPs": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ResourceReference" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The effective outbound IP resources of the cluster load balancer." + }, + "idleTimeoutInMinutes": { + "oneOf": [ + { + "type": "integer", + "minimum": 4, + "maximum": 120, + "default": "30" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes." + }, + "managedOutboundIPs": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterLoadBalancerProfileManagedOutboundIPs" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Desired managed outbound IPs for the cluster load balancer." + }, + "outboundIPPrefixes": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterLoadBalancerProfileOutboundIPPrefixes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Desired outbound IP Prefix resources for the cluster load balancer." + }, + "outboundIPs": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterLoadBalancerProfileOutboundIPs" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Desired outbound IP resources for the cluster load balancer." + } + }, + "description": "Profile of the managed cluster load balancer." + }, + "ManagedClusterLoadBalancerProfileManagedOutboundIPs": { + "type": "object", + "properties": { + "count": { + "oneOf": [ + { + "type": "integer", + "minimum": 1, + "maximum": 100, + "default": "1" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The desired number of outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. " + } + }, + "description": "Desired managed outbound IPs for the cluster load balancer." + }, + "ManagedClusterLoadBalancerProfileOutboundIPPrefixes": { + "type": "object", + "properties": { + "publicIPPrefixes": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ResourceReference" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A list of public IP prefix resources." + } + }, + "description": "Desired outbound IP Prefix resources for the cluster load balancer." + }, + "ManagedClusterLoadBalancerProfileOutboundIPs": { + "type": "object", + "properties": { + "publicIPs": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ResourceReference" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A list of public IP resources." + } + }, + "description": "Desired outbound IP resources for the cluster load balancer." + }, + "ManagedClusterManagedOutboundIPProfile": { + "type": "object", + "properties": { + "count": { + "oneOf": [ + { + "type": "integer", + "minimum": 1, + "maximum": 16, + "default": "1" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. " + } + }, + "description": "Profile of the managed outbound IP resources of the managed cluster." + }, + "ManagedClusterNATGatewayProfile": { + "type": "object", + "properties": { + "effectiveOutboundIPs": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ResourceReference" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The effective outbound IP resources of the cluster NAT gateway." + }, + "idleTimeoutInMinutes": { + "oneOf": [ + { + "type": "integer", + "minimum": 4, + "maximum": 120, + "default": "4" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes." + }, + "managedOutboundIPProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterManagedOutboundIPProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Profile of the managed outbound IP resources of the managed cluster." + } + }, + "description": "Profile of the managed cluster NAT gateway." + }, + "ManagedClusterPodIdentity": { + "type": "object", + "properties": { + "bindingSelector": { + "type": "string", + "description": "The binding selector to use for the AzureIdentityBinding resource." + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/UserAssignedIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Details about a user assigned identity." + }, + "name": { + "type": "string", + "description": "The name of the pod identity." + }, + "namespace": { + "type": "string", + "description": "The namespace of the pod identity." + } + }, + "required": [ + "identity", + "name", + "namespace" + ], + "description": "Details about the pod identity assigned to the Managed Cluster." + }, + "ManagedClusterPodIdentityException": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the pod identity exception." + }, + "namespace": { + "type": "string", + "description": "The namespace of the pod identity exception." + }, + "podLabels": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The pod labels to match." + } + }, + "required": [ + "name", + "namespace", + "podLabels" + ], + "description": "See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details." + }, + "ManagedClusterPodIdentityProfile": { + "type": "object", + "properties": { + "allowNetworkPluginKubenet": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) for more information." + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether the pod identity addon is enabled." + }, + "userAssignedIdentities": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedClusterPodIdentity" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The pod identities to use in the cluster." + }, + "userAssignedIdentityExceptions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedClusterPodIdentityException" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The pod identity exceptions to allow." + } + }, + "description": "See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration." + }, + "ManagedClusterProperties": { + "type": "object", + "properties": { + "aadProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterAADProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad)." + }, + "addonProfiles": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ManagedClusterAddonProfile" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The profile of managed cluster add-on." + }, + "agentPoolProfiles": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedClusterAgentPoolProfile" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The agent pool properties." + }, + "apiServerAccessProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterAPIServerAccessProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Access profile for managed cluster API server." + }, + "autoScalerProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterPropertiesAutoScalerProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Parameters to be applied to the cluster-autoscaler when enabled" + }, + "autoUpgradeProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterAutoUpgradeProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Auto upgrade profile for a managed cluster." + }, + "disableLocalAccounts": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview)." + }, + "diskEncryptionSetID": { + "type": "string", + "description": "This is of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'" + }, + "dnsPrefix": { + "type": "string", + "description": "This cannot be updated once the Managed Cluster has been created." + }, + "enablePodSecurityPolicy": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "(DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy." + }, + "enableRBAC": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable Kubernetes Role-Based Access Control." + }, + "fqdnSubdomain": { + "type": "string", + "description": "This cannot be updated once the Managed Cluster has been created." + }, + "httpProxyConfig": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterHTTPProxyConfig" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Cluster HTTP proxy configuration." + }, + "identityProfile": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/UserAssignedIdentity" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identities associated with the cluster." + }, + "kubernetesVersion": { + "type": "string", + "description": "When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details." + }, + "linuxProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ContainerServiceLinuxProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Profile for Linux VMs in the container service cluster." + }, + "networkProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ContainerServiceNetworkProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Profile of network configuration." + }, + "nodeResourceGroup": { + "type": "string", + "description": "The name of the resource group containing agent pool nodes." + }, + "podIdentityProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterPodIdentityProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration." + }, + "privateLinkResources": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/PrivateLinkResource" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Private link resources associated with the cluster." + }, + "securityProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterSecurityProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Security profile for the container service cluster." + }, + "servicePrincipalProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterServicePrincipalProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Information about a service principal identity for the cluster to use for manipulating Azure APIs." + }, + "windowsProfile": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterWindowsProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Profile for Windows VMs in the managed cluster." + } + }, + "description": "Properties of the managed cluster." + }, + "ManagedClusterPropertiesAutoScalerProfile": { + "type": "object", + "properties": { + "balance-similar-node-groups": { + "type": "string", + "description": "Valid values are 'true' and 'false'" + }, + "expander": { + "oneOf": [ + { + "type": "string", + "enum": [ + "least-waste", + "most-pods", + "priority", + "random" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If not specified, the default is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more information." + }, + "max-empty-bulk-delete": { + "type": "string", + "description": "The default is 10." + }, + "max-graceful-termination-sec": { + "type": "string", + "description": "The default is 600." + }, + "max-node-provision-time": { + "type": "string", + "description": "The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported." + }, + "max-total-unready-percentage": { + "type": "string", + "description": "The default is 45. The maximum is 100 and the minimum is 0." + }, + "new-pod-scale-up-delay": { + "type": "string", + "description": "For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc)." + }, + "ok-total-unready-count": { + "type": "string", + "description": "This must be an integer. The default is 3." + }, + "scale-down-delay-after-add": { + "type": "string", + "description": "The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported." + }, + "scale-down-delay-after-delete": { + "type": "string", + "description": "The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported." + }, + "scale-down-delay-after-failure": { + "type": "string", + "description": "The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported." + }, + "scale-down-unneeded-time": { + "type": "string", + "description": "The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported." + }, + "scale-down-unready-time": { + "type": "string", + "description": "The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported." + }, + "scale-down-utilization-threshold": { + "type": "string", + "description": "The default is '0.5'." + }, + "scan-interval": { + "type": "string", + "description": "The default is '10'. Values must be an integer number of seconds." + }, + "skip-nodes-with-local-storage": { + "type": "string", + "description": "The default is true." + }, + "skip-nodes-with-system-pods": { + "type": "string", + "description": "The default is true." + } + }, + "description": "Parameters to be applied to the cluster-autoscaler when enabled" + }, + "ManagedClusterSecurityProfile": { + "type": "object", + "properties": { + "azureDefender": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterSecurityProfileAzureDefender" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Defender settings for the security profile." + } + }, + "description": "Security profile for the container service cluster." + }, + "ManagedClusterSecurityProfileAzureDefender": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to enable Azure Defender" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "description": "Resource ID of the Log Analytics workspace to be associated with Azure Defender. When Azure Defender is enabled, this field is required and must be a valid workspace resource ID. When Azure Defender is disabled, leave the field empty." + } + }, + "description": "Azure Defender settings for the security profile." + }, + "ManagedClusterServicePrincipalProfile": { + "type": "object", + "properties": { + "clientId": { + "type": "string", + "description": "The ID for the service principal." + }, + "secret": { + "type": "string", + "description": "The secret password associated with the service principal in plain text." + } + }, + "required": [ + "clientId" + ], + "description": "Information about a service principal identity for the cluster to use for manipulating Azure APIs." + }, + "ManagedClusterSKU": { + "type": "object", + "properties": { + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Basic" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of a managed cluster SKU." + }, + "tier": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Paid", + "Free" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If not specified, the default is 'Free'. See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) for more details." + } + }, + "description": "The SKU of a Managed Cluster." + }, + "managedClusters_agentPools_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the agent pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedClusterAgentPoolProfileProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for the container service agent pool profile." + }, + "type": { + "type": "string", + "enum": [ + "agentPools" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ContainerService/managedClusters/agentPools" + }, + "managedClusters_maintenanceConfigurations_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the maintenance configuration." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MaintenanceConfigurationProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties used to configure planned maintenance for a Managed Cluster." + }, + "type": { + "type": "string", + "enum": [ + "maintenanceConfigurations" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ContainerService/managedClusters/maintenanceConfigurations" + }, + "managedClusters_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ContainerService/managedClusters/privateEndpointConnections" + }, + "ManagedClusterWindowsProfile": { + "type": "object", + "properties": { + "adminPassword": { + "type": "string", + "description": "Specifies the password of the administrator account.

**Minimum-length:** 8 characters

**Max-length:** 123 characters

**Complexity requirements:** 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\\W_])

**Disallowed values:** \"abc@123\", \"P@$$w0rd\", \"P@ssw0rd\", \"P@ssword123\", \"Pa$$word\", \"pass@word1\", \"Password!\", \"Password1\", \"Password22\", \"iloveyou!\"" + }, + "adminUsername": { + "type": "string", + "description": "Specifies the name of the administrator account.

**Restriction:** Cannot end in \".\"

**Disallowed values:** \"administrator\", \"admin\", \"user\", \"user1\", \"test\", \"user2\", \"test1\", \"user3\", \"admin1\", \"1\", \"123\", \"a\", \"actuser\", \"adm\", \"admin2\", \"aspnet\", \"backup\", \"console\", \"david\", \"guest\", \"john\", \"owner\", \"root\", \"server\", \"sql\", \"support\", \"support_388945a0\", \"sys\", \"test2\", \"test3\", \"user4\", \"user5\".

**Minimum-length:** 1 character

**Max-length:** 20 characters" + }, + "enableCSIProxy": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "For more details on CSI proxy, see the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy)." + }, + "licenseType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None", + "Windows_Server" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The license type to use for Windows VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details." + } + }, + "required": [ + "adminUsername" + ], + "description": "Profile for Windows VMs in the managed cluster." + }, + "ManagedServiceIdentityUserAssignedIdentitiesValue": { + "type": "object", + "properties": {} + }, + "PrivateEndpoint": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The resource ID of the private endpoint" + } + }, + "description": "Private endpoint which a connection belongs to." + }, + "PrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Private endpoint which a connection belongs to." + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateLinkServiceConnectionState" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The state of a private link service connection." + } + }, + "required": [ + "privateLinkServiceConnectionState" + ], + "description": "Properties of a private endpoint connection." + }, + "PrivateLinkResource": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "description": "The group ID of the resource." + }, + "id": { + "type": "string", + "description": "The ID of the private link resource." + }, + "name": { + "type": "string", + "description": "The name of the private link resource." + }, + "requiredMembers": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The RequiredMembers of the resource" + }, + "type": { + "type": "string", + "description": "The resource type." + } + }, + "description": "A private link resource" + }, + "PrivateLinkServiceConnectionState": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The private link service connection description." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The private link service connection status." + } + }, + "description": "The state of a private link service connection." + }, + "ResourceReference": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The fully qualified Azure resource id." + } + }, + "description": "A reference to an Azure resource." + }, + "SysctlConfig": { + "type": "object", + "properties": { + "fsAioMaxNr": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting fs.aio-max-nr." + }, + "fsFileMax": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting fs.file-max." + }, + "fsInotifyMaxUserWatches": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting fs.inotify.max_user_watches." + }, + "fsNrOpen": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting fs.nr_open." + }, + "kernelThreadsMax": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting kernel.threads-max." + }, + "netCoreNetdevMaxBacklog": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.core.netdev_max_backlog." + }, + "netCoreOptmemMax": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.core.optmem_max." + }, + "netCoreRmemDefault": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.core.rmem_default." + }, + "netCoreRmemMax": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.core.rmem_max." + }, + "netCoreSomaxconn": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.core.somaxconn." + }, + "netCoreWmemDefault": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.core.wmem_default." + }, + "netCoreWmemMax": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.core.wmem_max." + }, + "netIpv4IpLocalPortRange": { + "type": "string", + "description": "Sysctl setting net.ipv4.ip_local_port_range." + }, + "netIpv4NeighDefaultGcThresh1": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.neigh.default.gc_thresh1." + }, + "netIpv4NeighDefaultGcThresh2": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.neigh.default.gc_thresh2." + }, + "netIpv4NeighDefaultGcThresh3": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.neigh.default.gc_thresh3." + }, + "netIpv4TcpFinTimeout": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.tcp_fin_timeout." + }, + "netIpv4TcpkeepaliveIntvl": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.tcp_keepalive_intvl." + }, + "netIpv4TcpKeepaliveProbes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.tcp_keepalive_probes." + }, + "netIpv4TcpKeepaliveTime": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.tcp_keepalive_time." + }, + "netIpv4TcpMaxSynBacklog": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.tcp_max_syn_backlog." + }, + "netIpv4TcpMaxTwBuckets": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.tcp_max_tw_buckets." + }, + "netIpv4TcpTwReuse": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.ipv4.tcp_tw_reuse." + }, + "netNetfilterNfConntrackBuckets": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.netfilter.nf_conntrack_buckets." + }, + "netNetfilterNfConntrackMax": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting net.netfilter.nf_conntrack_max." + }, + "vmMaxMapCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting vm.max_map_count." + }, + "vmSwappiness": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting vm.swappiness." + }, + "vmVfsCachePressure": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sysctl setting vm.vfs_cache_pressure." + } + }, + "description": "Sysctl settings for Linux agent nodes." + }, + "TimeInWeek": { + "type": "object", + "properties": { + "day": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Sunday", + "Monday", + "Tuesday", + "Wednesday", + "Thursday", + "Friday", + "Saturday" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The day of the week." + }, + "hourSlots": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "integer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Each integer hour represents a time range beginning at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC time range." + } + }, + "description": "Time in a week." + }, + "TimeSpan": { + "type": "object", + "properties": { + "end": { + "type": "string", + "format": "date-time", + "description": "The end of a time span" + }, + "start": { + "type": "string", + "format": "date-time", + "description": "The start of a time span" + } + }, + "description": "For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z." + }, + "UserAssignedIdentity": { + "type": "object", + "properties": { + "clientId": { + "type": "string", + "description": "The client ID of the user assigned identity." + }, + "objectId": { + "type": "string", + "description": "The object ID of the user assigned identity." + }, + "resourceId": { + "type": "string", + "description": "The resource ID of the user assigned identity." + } + }, + "description": "Details about a user assigned identity." + } + } +} \ No newline at end of file diff --git a/schemas/2021-07-01/Microsoft.MachineLearningServices.json b/schemas/2021-07-01/Microsoft.MachineLearningServices.json new file mode 100644 index 0000000000..77dd3b5bea --- /dev/null +++ b/schemas/2021-07-01/Microsoft.MachineLearningServices.json @@ -0,0 +1,2197 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.MachineLearningServices.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.MachineLearningServices", + "description": "Microsoft MachineLearningServices Resource Types", + "resourceDefinitions": { + "workspaces": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/Identity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity for the resource." + }, + "location": { + "type": "string", + "description": "Specifies the location of the resource." + }, + "name": { + "type": "string", + "description": "Name of Azure Machine Learning workspace." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkspaceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a machine learning workspace." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/workspaces_computes_childResource" + }, + { + "$ref": "#/definitions/workspaces_privateEndpointConnections_childResource" + }, + { + "$ref": "#/definitions/workspaces_connections_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sku of the resource" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains resource tags defined as key/value pairs." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.MachineLearningServices/workspaces" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.MachineLearningServices/workspaces" + }, + "workspaces_computes": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/Identity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity for the resource." + }, + "location": { + "type": "string", + "description": "Specifies the location of the resource." + }, + "name": { + "type": "string", + "description": "Name of the Azure Machine Learning compute." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/Compute" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Machine Learning compute object." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sku of the resource" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains resource tags defined as key/value pairs." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.MachineLearningServices/workspaces/computes" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.MachineLearningServices/workspaces/computes" + }, + "workspaces_connections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "Friendly name of the workspace connection" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkspaceConnectionProps" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workspace Connection specific properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.MachineLearningServices/workspaces/connections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.MachineLearningServices/workspaces/connections" + }, + "workspaces_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/Identity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity for the resource." + }, + "location": { + "type": "string", + "description": "Specifies the location of the resource." + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection associated with the workspace" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the PrivateEndpointConnectProperties." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sku of the resource" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains resource tags defined as key/value pairs." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.MachineLearningServices/workspaces/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.MachineLearningServices/workspaces/privateEndpointConnections" + } + }, + "definitions": { + "AKS": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "AKS" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AKSProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "AKS properties" + } + }, + "required": [ + "computeType" + ], + "description": "A Machine Learning compute based on AKS." + }, + "AksNetworkingConfiguration": { + "type": "object", + "properties": { + "dnsServiceIP": { + "oneOf": [ + { + "type": "string", + "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr." + }, + "dockerBridgeCidr": { + "oneOf": [ + { + "type": "string", + "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range." + }, + "serviceCidr": { + "oneOf": [ + { + "type": "string", + "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\\/([0-9]|[1-2][0-9]|3[0-2]))?$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges." + }, + "subnetId": { + "type": "string", + "description": "Virtual network subnet resource ID the compute nodes belong to" + } + }, + "description": "Advance configuration for AKS networking" + }, + "AKSProperties": { + "type": "object", + "properties": { + "agentCount": { + "oneOf": [ + { + "type": "integer", + "minimum": 0 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Number of agents" + }, + "agentVmSize": { + "type": "string", + "description": "Agent virtual machine size" + }, + "aksNetworkingConfiguration": { + "oneOf": [ + { + "$ref": "#/definitions/AksNetworkingConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Advance configuration for AKS networking" + }, + "clusterFqdn": { + "type": "string", + "description": "Cluster full qualified domain name" + }, + "clusterPurpose": { + "oneOf": [ + { + "type": "string", + "enum": [ + "FastProd", + "DenseProd", + "DevTest" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Intended usage of the cluster." + }, + "loadBalancerSubnet": { + "type": "string", + "description": "Load Balancer Subnet" + }, + "loadBalancerType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "PublicIp", + "InternalLoadBalancer" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Load Balancer Type." + }, + "sslConfiguration": { + "oneOf": [ + { + "$ref": "#/definitions/SslConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ssl configuration for scoring" + } + }, + "description": "AKS properties" + }, + "AmlCompute": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "AmlCompute" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AmlComputeProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "AML Compute properties" + } + }, + "required": [ + "computeType" + ], + "description": "Properties(top level) of AmlCompute" + }, + "AmlComputeProperties": { + "type": "object", + "properties": { + "enableNodePublicIp": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs." + }, + "isolatedNetwork": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Network is isolated or not" + }, + "osType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Linux", + "Windows" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Compute OS Type." + }, + "remoteLoginPortPublicAccess": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled", + "NotSpecified" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled." + }, + "scaleSettings": { + "oneOf": [ + { + "$ref": "#/definitions/ScaleSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "scale settings for AML Compute" + }, + "subnet": { + "oneOf": [ + { + "$ref": "#/definitions/ResourceId" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Represents a resource ID. For example, for a subnet, it is the resource URL for the subnet." + }, + "userAccountCredentials": { + "oneOf": [ + { + "$ref": "#/definitions/UserAccountCredentials" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings for user account that gets created on each on the nodes of a compute." + }, + "virtualMachineImage": { + "oneOf": [ + { + "$ref": "#/definitions/VirtualMachineImage" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Virtual Machine image for Windows AML Compute" + }, + "vmPriority": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Dedicated", + "LowPriority" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Virtual Machine priority." + }, + "vmSize": { + "type": "string", + "description": "Virtual Machine Size" + } + }, + "description": "AML Compute properties" + }, + "AssignedUser": { + "type": "object", + "properties": { + "objectId": { + "type": "string", + "description": "User’s AAD Object Id." + }, + "tenantId": { + "type": "string", + "description": "User’s AAD Tenant Id." + } + }, + "required": [ + "objectId", + "tenantId" + ], + "description": "A user that can be assigned to a compute instance." + }, + "AutoPauseProperties": { + "type": "object", + "properties": { + "delayInMinutes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "Auto pause properties" + }, + "AutoScaleProperties": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "maxNodeCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "minNodeCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "Auto scale properties" + }, + "Compute": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/AKS" + }, + { + "$ref": "#/definitions/AmlCompute" + }, + { + "$ref": "#/definitions/ComputeInstance" + }, + { + "$ref": "#/definitions/VirtualMachine" + }, + { + "$ref": "#/definitions/HDInsight" + }, + { + "$ref": "#/definitions/DataFactory" + }, + { + "$ref": "#/definitions/Databricks" + }, + { + "$ref": "#/definitions/DataLakeAnalytics" + }, + { + "$ref": "#/definitions/SynapseSpark" + } + ], + "properties": { + "computeLocation": { + "type": "string", + "description": "Location for the underlying compute" + }, + "description": { + "type": "string", + "description": "The description of the Machine Learning compute." + }, + "disableLocalAuth": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication." + }, + "resourceId": { + "type": "string", + "description": "ARM resource id of the underlying compute" + } + }, + "description": "Machine Learning compute object." + }, + "ComputeInstance": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "ComputeInstance" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ComputeInstanceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Compute Instance properties" + } + }, + "required": [ + "computeType" + ], + "description": "Properties(top level) of ComputeInstance" + }, + "ComputeInstanceProperties": { + "type": "object", + "properties": { + "applicationSharingPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Personal", + "Shared" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role." + }, + "computeInstanceAuthorizationType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "personal" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Compute Instance Authorization type. Available values are personal (default)." + }, + "personalComputeInstanceSettings": { + "oneOf": [ + { + "$ref": "#/definitions/PersonalComputeInstanceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings for a personal compute instance." + }, + "setupScripts": { + "oneOf": [ + { + "$ref": "#/definitions/SetupScripts" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Details of customized scripts to execute for setting up the cluster." + }, + "sshSettings": { + "oneOf": [ + { + "$ref": "#/definitions/ComputeInstanceSshSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies policy and settings for SSH access." + }, + "subnet": { + "oneOf": [ + { + "$ref": "#/definitions/ResourceId" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Represents a resource ID. For example, for a subnet, it is the resource URL for the subnet." + }, + "vmSize": { + "type": "string", + "description": "Virtual Machine Size" + } + }, + "description": "Compute Instance properties" + }, + "ComputeInstanceSshSettings": { + "type": "object", + "properties": { + "adminPublicKey": { + "type": "string", + "description": "Specifies the SSH rsa public key file as a string. Use \"ssh-keygen -t rsa -b 2048\" to generate your SSH key pairs." + }, + "sshPublicAccess": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable." + } + }, + "description": "Specifies policy and settings for SSH access." + }, + "CosmosDbSettings": { + "type": "object", + "properties": { + "collectionsThroughput": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The throughput of the collections in cosmosdb database" + } + } + }, + "Databricks": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "Databricks" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabricksProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of Databricks" + } + }, + "required": [ + "computeType" + ], + "description": "A DataFactory compute." + }, + "DatabricksProperties": { + "type": "object", + "properties": { + "databricksAccessToken": { + "type": "string", + "description": "Databricks access token" + }, + "workspaceUrl": { + "type": "string", + "description": "Workspace Url" + } + }, + "description": "Properties of Databricks" + }, + "DataFactory": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "DataFactory" + ] + } + }, + "required": [ + "computeType" + ], + "description": "A DataFactory compute." + }, + "DataLakeAnalytics": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "DataLakeAnalytics" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DataLakeAnalyticsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "required": [ + "computeType" + ], + "description": "A DataLakeAnalytics compute." + }, + "DataLakeAnalyticsProperties": { + "type": "object", + "properties": { + "dataLakeStoreAccountName": { + "type": "string", + "description": "DataLake Store Account Name" + } + } + }, + "EncryptionProperty": { + "type": "object", + "properties": { + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/IdentityForCmk" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity that will be used to access key vault for encryption at rest" + }, + "keyVaultProperties": { + "oneOf": [ + { + "$ref": "#/definitions/KeyVaultProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether or not the encryption is enabled for the workspace." + } + }, + "required": [ + "keyVaultProperties", + "status" + ] + }, + "HDInsight": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "HDInsight" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/HDInsightProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "HDInsight compute properties" + } + }, + "required": [ + "computeType" + ], + "description": "A HDInsight compute." + }, + "HDInsightProperties": { + "type": "object", + "properties": { + "address": { + "type": "string", + "description": "Public IP address of the master node of the cluster." + }, + "administratorAccount": { + "oneOf": [ + { + "$ref": "#/definitions/VirtualMachineSshCredentials" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Admin credentials for virtual machine" + }, + "sshPort": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Port open for ssh connections on the master node of the cluster." + } + }, + "description": "HDInsight compute properties" + }, + "Identity": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SystemAssigned", + "SystemAssigned,UserAssigned", + "UserAssigned", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The identity type." + }, + "userAssignedIdentities": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/UserAssignedIdentity" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "dictionary containing all the user assigned identities, with resourceId of the UAI as key." + } + }, + "description": "Identity for the resource." + }, + "IdentityForCmk": { + "type": "object", + "properties": { + "userAssignedIdentity": { + "type": "string", + "description": "The ArmId of the user assigned identity that will be used to access the customer managed key vault" + } + }, + "description": "Identity that will be used to access key vault for encryption at rest" + }, + "KeyVaultProperties": { + "type": "object", + "properties": { + "identityClientId": { + "type": "string", + "description": "For future use - The client id of the identity which will be used to access key vault." + }, + "keyIdentifier": { + "type": "string", + "description": "Key vault uri to access the encryption key." + }, + "keyVaultArmId": { + "type": "string", + "description": "The ArmId of the keyVault where the customer owned encryption key is present." + } + }, + "required": [ + "keyIdentifier", + "keyVaultArmId" + ] + }, + "PersonalComputeInstanceSettings": { + "type": "object", + "properties": { + "assignedUser": { + "oneOf": [ + { + "$ref": "#/definitions/AssignedUser" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A user that can be assigned to a compute instance." + } + }, + "description": "Settings for a personal compute instance." + }, + "PrivateEndpoint": { + "type": "object", + "properties": {}, + "description": "The Private Endpoint resource." + }, + "PrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Private Endpoint resource." + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateLinkServiceConnectionState" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A collection of information about the state of the connection between service consumer and provider." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "Creating", + "Deleting", + "Failed" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The provisioning state of the private endpoint connection resource." + } + }, + "required": [ + "privateLinkServiceConnectionState" + ], + "description": "Properties of the PrivateEndpointConnectProperties." + }, + "PrivateLinkServiceConnectionState": { + "type": "object", + "properties": { + "actionsRequired": { + "type": "string", + "description": "A message indicating if changes on the service provider require any updates on the consumer." + }, + "description": { + "type": "string", + "description": "The reason for approval/rejection of the connection." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected", + "Disconnected", + "Timeout" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service." + } + }, + "description": "A collection of information about the state of the connection between service consumer and provider." + }, + "ResourceId": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The ID of the resource" + } + }, + "required": [ + "id" + ], + "description": "Represents a resource ID. For example, for a subnet, it is the resource URL for the subnet." + }, + "ScaleSettings": { + "type": "object", + "properties": { + "maxNodeCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Max number of nodes to use" + }, + "minNodeCount": { + "oneOf": [ + { + "type": "integer", + "default": "0" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Min number of nodes to use" + }, + "nodeIdleTimeBeforeScaleDown": { + "type": "string", + "format": "duration", + "description": "Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format." + } + }, + "required": [ + "maxNodeCount" + ], + "description": "scale settings for AML Compute" + }, + "ScriptReference": { + "type": "object", + "properties": { + "scriptArguments": { + "type": "string", + "description": "Optional command line arguments passed to the script to run." + }, + "scriptData": { + "type": "string", + "description": "The location of scripts in the mounted volume." + }, + "scriptSource": { + "type": "string", + "description": "The storage source of the script: inline, workspace." + }, + "timeout": { + "type": "string", + "description": "Optional time period passed to timeout command." + } + }, + "description": "Script reference" + }, + "ScriptsToExecute": { + "type": "object", + "properties": { + "creationScript": { + "oneOf": [ + { + "$ref": "#/definitions/ScriptReference" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Script reference" + }, + "startupScript": { + "oneOf": [ + { + "$ref": "#/definitions/ScriptReference" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Script reference" + } + }, + "description": "Customized setup scripts" + }, + "ServiceManagedResourcesSettings": { + "type": "object", + "properties": { + "cosmosDb": { + "oneOf": [ + { + "$ref": "#/definitions/CosmosDbSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + } + }, + "SetupScripts": { + "type": "object", + "properties": { + "scripts": { + "oneOf": [ + { + "$ref": "#/definitions/ScriptsToExecute" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Customized setup scripts" + } + }, + "description": "Details of customized scripts to execute for setting up the cluster." + }, + "SharedPrivateLinkResource": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Unique name of the private link." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SharedPrivateLinkResourceProperty" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a shared private link resource." + } + } + }, + "SharedPrivateLinkResourceProperty": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "description": "The private link resource group id." + }, + "privateLinkResourceId": { + "type": "string", + "description": "The resource id that private link links to." + }, + "requestMessage": { + "type": "string", + "description": "Request message." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected", + "Disconnected", + "Timeout" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service." + } + }, + "description": "Properties of a shared private link resource." + }, + "Sku": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the sku" + }, + "tier": { + "type": "string", + "description": "Tier of the sku like Basic or Enterprise" + } + }, + "description": "Sku of the resource" + }, + "SslConfiguration": { + "type": "object", + "properties": { + "cert": { + "type": "string", + "description": "Cert data" + }, + "cname": { + "type": "string", + "description": "CNAME of the cert" + }, + "key": { + "type": "string", + "description": "Key data" + }, + "leafDomainLabel": { + "type": "string", + "description": "Leaf domain label of public endpoint" + }, + "overwriteExistingDomain": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether to overwrite existing domain label." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Disabled", + "Enabled", + "Auto" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Enable or disable ssl for scoring." + } + }, + "description": "The ssl configuration for scoring" + }, + "SynapseSpark": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "SynapseSpark" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SynapseSparkProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "required": [ + "computeType" + ], + "description": "A SynapseSpark compute." + }, + "SynapseSparkProperties": { + "type": "object", + "properties": { + "autoPauseProperties": { + "oneOf": [ + { + "$ref": "#/definitions/AutoPauseProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Auto pause properties" + }, + "autoScaleProperties": { + "oneOf": [ + { + "$ref": "#/definitions/AutoScaleProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Auto scale properties" + }, + "nodeCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of compute nodes currently assigned to the compute." + }, + "nodeSize": { + "type": "string", + "description": "Node size." + }, + "nodeSizeFamily": { + "type": "string", + "description": "Node size family." + }, + "poolName": { + "type": "string", + "description": "Pool name." + }, + "resourceGroup": { + "type": "string", + "description": "Name of the resource group in which workspace is located." + }, + "sparkVersion": { + "type": "string", + "description": "Spark version." + }, + "subscriptionId": { + "type": "string", + "description": "Azure subscription identifier." + }, + "workspaceName": { + "type": "string", + "description": "Name of Azure Machine Learning workspace." + } + } + }, + "SystemData": { + "type": "object", + "properties": { + "createdAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of resource creation (UTC)." + }, + "createdBy": { + "type": "string", + "description": "The identity that created the resource." + }, + "createdByType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of identity that created the resource." + }, + "lastModifiedAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of resource last modification (UTC)" + }, + "lastModifiedBy": { + "type": "string", + "description": "The identity that last modified the resource." + }, + "lastModifiedByType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of identity that last modified the resource." + } + }, + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "UserAccountCredentials": { + "type": "object", + "properties": { + "adminUserName": { + "type": "string", + "description": "Name of the administrator user account which can be used to SSH to nodes." + }, + "adminUserPassword": { + "type": "string", + "description": "Password of the administrator user account." + }, + "adminUserSshPublicKey": { + "type": "string", + "description": "SSH public key of the administrator user account." + } + }, + "required": [ + "adminUserName" + ], + "description": "Settings for user account that gets created on each on the nodes of a compute." + }, + "UserAssignedIdentity": { + "type": "object", + "properties": {}, + "description": "User Assigned Identity" + }, + "VirtualMachine": { + "type": "object", + "properties": { + "computeType": { + "type": "string", + "enum": [ + "VirtualMachine" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VirtualMachineProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "required": [ + "computeType" + ], + "description": "A Machine Learning compute based on Azure Virtual Machines." + }, + "VirtualMachineImage": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Virtual Machine image path" + } + }, + "required": [ + "id" + ], + "description": "Virtual Machine image for Windows AML Compute" + }, + "VirtualMachineProperties": { + "type": "object", + "properties": { + "address": { + "type": "string", + "description": "Public IP address of the virtual machine." + }, + "administratorAccount": { + "oneOf": [ + { + "$ref": "#/definitions/VirtualMachineSshCredentials" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Admin credentials for virtual machine" + }, + "isNotebookInstanceCompute": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether this compute will be used for running notebooks." + }, + "sshPort": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Port open for ssh connections." + }, + "virtualMachineSize": { + "type": "string", + "description": "Virtual Machine size" + } + } + }, + "VirtualMachineSshCredentials": { + "type": "object", + "properties": { + "password": { + "type": "string", + "description": "Password of admin account" + }, + "privateKeyData": { + "type": "string", + "description": "Private key data" + }, + "publicKeyData": { + "type": "string", + "description": "Public key data" + }, + "username": { + "type": "string", + "description": "Username of admin account" + } + }, + "description": "Admin credentials for virtual machine" + }, + "WorkspaceConnectionProps": { + "type": "object", + "properties": { + "authType": { + "type": "string", + "description": "Authorization type of the workspace connection." + }, + "category": { + "type": "string", + "description": "Category of the workspace connection." + }, + "target": { + "type": "string", + "description": "Target of the workspace connection." + }, + "value": { + "type": "string", + "description": "Value details of the workspace connection." + }, + "valueFormat": { + "oneOf": [ + { + "type": "string", + "enum": [ + "JSON" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "format for the workspace connection value." + } + }, + "description": "Workspace Connection specific properties." + }, + "WorkspaceProperties": { + "type": "object", + "properties": { + "allowPublicAccessWhenBehindVnet": { + "oneOf": [ + { + "type": "boolean", + "default": false + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The flag to indicate whether to allow public access when behind VNet." + }, + "applicationInsights": { + "type": "string", + "description": "ARM id of the application insights associated with this workspace. This cannot be changed once the workspace has been created" + }, + "containerRegistry": { + "type": "string", + "description": "ARM id of the container registry associated with this workspace. This cannot be changed once the workspace has been created" + }, + "description": { + "type": "string", + "description": "The description of this workspace." + }, + "discoveryUrl": { + "type": "string", + "description": "Url for the discovery service to identify regional endpoints for machine learning experimentation services" + }, + "encryption": { + "oneOf": [ + { + "$ref": "#/definitions/EncryptionProperty" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "friendlyName": { + "type": "string", + "description": "The friendly name for this workspace. This name in mutable" + }, + "hbiWorkspace": { + "oneOf": [ + { + "type": "boolean", + "default": false + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service" + }, + "imageBuildCompute": { + "type": "string", + "description": "The compute name for image build" + }, + "keyVault": { + "type": "string", + "description": "ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created" + }, + "primaryUserAssignedIdentity": { + "type": "string", + "description": "The user assigned identity resource id that represents the workspace identity." + }, + "publicNetworkAccess": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether requests from Public Network are allowed." + }, + "serviceManagedResourcesSettings": { + "oneOf": [ + { + "$ref": "#/definitions/ServiceManagedResourcesSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "sharedPrivateLinkResources": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/SharedPrivateLinkResource" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of shared private link resources in this workspace." + }, + "storageAccount": { + "type": "string", + "description": "ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created" + } + }, + "description": "The properties of a machine learning workspace." + }, + "workspaces_computes_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/Identity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity for the resource." + }, + "location": { + "type": "string", + "description": "Specifies the location of the resource." + }, + "name": { + "type": "string", + "description": "Name of the Azure Machine Learning compute." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/Compute" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Machine Learning compute object." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sku of the resource" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains resource tags defined as key/value pairs." + }, + "type": { + "type": "string", + "enum": [ + "computes" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.MachineLearningServices/workspaces/computes" + }, + "workspaces_connections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "type": "string", + "description": "Friendly name of the workspace connection" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkspaceConnectionProps" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workspace Connection specific properties." + }, + "type": { + "type": "string", + "enum": [ + "connections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.MachineLearningServices/workspaces/connections" + }, + "workspaces_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/Identity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Identity for the resource." + }, + "location": { + "type": "string", + "description": "Specifies the location of the resource." + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection associated with the workspace" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the PrivateEndpointConnectProperties." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sku of the resource" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains resource tags defined as key/value pairs." + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.MachineLearningServices/workspaces/privateEndpointConnections" + } + } +} \ No newline at end of file diff --git a/schemas/2021-07-01/Microsoft.Security.json b/schemas/2021-07-01/Microsoft.Security.json new file mode 100644 index 0000000000..8c5cade66a --- /dev/null +++ b/schemas/2021-07-01/Microsoft.Security.json @@ -0,0 +1,151 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.Security.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Security", + "description": "Microsoft Security Resource Types", + "resourceDefinitions": {}, + "subscription_resourceDefinitions": { + "settings": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/DataExportSettings" + }, + { + "$ref": "#/definitions/AlertSyncSettings" + } + ], + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-07-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "MCAS", + "WDATP", + "WDATP_EXCLUDE_LINUX_PUBLIC_PREVIEW", + "Sentinel" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the setting." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Security/settings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Security/settings" + } + }, + "definitions": { + "AlertSyncSettingProperties": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is the alert sync setting enabled" + } + }, + "required": [ + "enabled" + ], + "description": "The alert sync setting properties" + }, + "AlertSyncSettings": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "AlertSyncSettings" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AlertSyncSettingProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The alert sync setting properties" + } + }, + "required": [ + "kind" + ], + "description": "Represents an alert sync setting" + }, + "DataExportSettingProperties": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is the data export setting enabled" + } + }, + "required": [ + "enabled" + ], + "description": "The data export setting properties" + }, + "DataExportSettings": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "DataExportSettings" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DataExportSettingProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The data export setting properties" + } + }, + "required": [ + "kind" + ], + "description": "Represents a data export setting" + } + } +} \ No newline at end of file diff --git a/schemas/2021-08-01/Microsoft.Cache.Enterprise.json b/schemas/2021-08-01/Microsoft.Cache.Enterprise.json new file mode 100644 index 0000000000..5bb0c691d6 --- /dev/null +++ b/schemas/2021-08-01/Microsoft.Cache.Enterprise.json @@ -0,0 +1,578 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-08-01/Microsoft.Cache.Enterprise.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Cache", + "description": "Microsoft Cache Resource Types", + "resourceDefinitions": { + "redisEnterprise": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-08-01" + ] + }, + "location": { + "type": "string", + "description": "The geo-location where the resource lives" + }, + "name": { + "type": "string", + "description": "The name of the RedisEnterprise cluster." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ClusterProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of RedisEnterprise clusters, as opposed to general resource properties like location, tags" + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/redisEnterprise_databases_childResource" + }, + { + "$ref": "#/definitions/redisEnterprise_privateEndpointConnections_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU parameters supplied to the create RedisEnterprise operation." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Cache/redisEnterprise" + ] + }, + "zones": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Availability Zones where this cluster will be deployed." + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "sku", + "type" + ], + "description": "Microsoft.Cache/redisEnterprise" + }, + "redisEnterprise_databases": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-08-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the database." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of RedisEnterprise databases, as opposed to general resource properties like location, tags" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Cache/redisEnterprise/databases" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Cache/redisEnterprise/databases" + }, + "redisEnterprise_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-08-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection associated with the Azure resource" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the PrivateEndpointConnectProperties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Cache/redisEnterprise/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Cache/redisEnterprise/privateEndpointConnections" + } + }, + "definitions": { + "ClusterProperties": { + "type": "object", + "properties": { + "minimumTlsVersion": { + "oneOf": [ + { + "type": "string", + "enum": [ + "1.0", + "1.1", + "1.2" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The minimum TLS version for the cluster to support, e.g. '1.2'." + } + }, + "description": "Properties of RedisEnterprise clusters, as opposed to general resource properties like location, tags" + }, + "DatabaseProperties": { + "type": "object", + "properties": { + "clientProtocol": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Encrypted", + "Plaintext" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted." + }, + "clusteringPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "EnterpriseCluster", + "OSSCluster" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Clustering policy - default is OSSCluster. Specified at create time." + }, + "evictionPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AllKeysLFU", + "AllKeysLRU", + "AllKeysRandom", + "VolatileLRU", + "VolatileLFU", + "VolatileTTL", + "VolatileRandom", + "NoEviction" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Redis eviction policy - default is VolatileLRU." + }, + "modules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Module" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Optional set of redis modules to enable in this database - modules can only be added at creation time." + }, + "persistence": { + "oneOf": [ + { + "$ref": "#/definitions/Persistence" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Persistence-related configuration for the RedisEnterprise database" + }, + "port": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "TCP port of the database endpoint. Specified at create time. Defaults to an available port." + } + }, + "description": "Properties of RedisEnterprise databases, as opposed to general resource properties like location, tags" + }, + "Module": { + "type": "object", + "properties": { + "args": { + "type": "string", + "description": "Configuration options for the module, e.g. 'ERROR_RATE 0.00 INITIAL_SIZE 400'." + }, + "name": { + "type": "string", + "description": "The name of the module, e.g. 'RedisBloom', 'RediSearch', 'RedisTimeSeries'" + } + }, + "required": [ + "name" + ], + "description": "Specifies configuration of a redis module" + }, + "Persistence": { + "type": "object", + "properties": { + "aofEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sets whether AOF is enabled." + }, + "aofFrequency": { + "oneOf": [ + { + "type": "string", + "enum": [ + "1s", + "always" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sets the frequency at which data is written to disk." + }, + "rdbEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sets whether RDB is enabled." + }, + "rdbFrequency": { + "oneOf": [ + { + "type": "string", + "enum": [ + "1h", + "6h", + "12h" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sets the frequency at which a snapshot of the database is created." + } + }, + "description": "Persistence-related configuration for the RedisEnterprise database" + }, + "PrivateEndpoint": { + "type": "object", + "properties": {}, + "description": "The Private Endpoint resource." + }, + "PrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Private Endpoint resource." + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateLinkServiceConnectionState" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A collection of information about the state of the connection between service consumer and provider." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "Creating", + "Deleting", + "Failed" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The provisioning state of the private endpoint connection resource." + } + }, + "required": [ + "privateLinkServiceConnectionState" + ], + "description": "Properties of the PrivateEndpointConnectProperties." + }, + "PrivateLinkServiceConnectionState": { + "type": "object", + "properties": { + "actionsRequired": { + "type": "string", + "description": "A message indicating if changes on the service provider require any updates on the consumer." + }, + "description": { + "type": "string", + "description": "The reason for approval/rejection of the connection." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service." + } + }, + "description": "A collection of information about the state of the connection between service consumer and provider." + }, + "redisEnterprise_databases_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-08-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the database." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of RedisEnterprise databases, as opposed to general resource properties like location, tags" + }, + "type": { + "type": "string", + "enum": [ + "databases" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Cache/redisEnterprise/databases" + }, + "redisEnterprise_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-08-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection associated with the Azure resource" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the PrivateEndpointConnectProperties." + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Cache/redisEnterprise/privateEndpointConnections" + }, + "Sku": { + "type": "object", + "properties": { + "capacity": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The size of the RedisEnterprise cluster. Defaults to 2 or 3 depending on SKU. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs." + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enterprise_E10", + "Enterprise_E20", + "Enterprise_E50", + "Enterprise_E100", + "EnterpriseFlash_F300", + "EnterpriseFlash_F700", + "EnterpriseFlash_F1500" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of RedisEnterprise cluster to deploy. Possible values: (Enterprise_E10, EnterpriseFlash_F300 etc.)." + } + }, + "required": [ + "name" + ], + "description": "SKU parameters supplied to the create RedisEnterprise operation." + } + } +} \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index 86fc34a50d..0bbdd28678 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json @@ -1588,6 +1588,9 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-09-01/Microsoft.Authorization.Resources.json#/unknown_resourceDefinitions/policyAssignments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Authorization.Resources.json#/unknown_resourceDefinitions/policyAssignments" + }, { "$ref": "https://schema.management.azure.com/schemas/2020-06-30-preview/Microsoft.Automanage.json#/resourceDefinitions/accounts" }, @@ -2251,6 +2254,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-03-01/Microsoft.Cache.Enterprise.json#/resourceDefinitions/redisEnterprise_privateEndpointConnections" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-08-01/Microsoft.Cache.Enterprise.json#/resourceDefinitions/redisEnterprise" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-08-01/Microsoft.Cache.Enterprise.json#/resourceDefinitions/redisEnterprise_databases" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-08-01/Microsoft.Cache.Enterprise.json#/resourceDefinitions/redisEnterprise_privateEndpointConnections" + }, { "$ref": "https://schema.management.azure.com/schemas/2015-08-01/Microsoft.Cache.json#/resourceDefinitions/Redis" }, @@ -2977,6 +2989,18 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-05-01/Microsoft.ContainerService.json#/resourceDefinitions/managedClusters_privateEndpointConnections" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.ContainerService.json#/resourceDefinitions/managedClusters" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.ContainerService.json#/resourceDefinitions/managedClusters_agentPools" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.ContainerService.json#/resourceDefinitions/managedClusters_maintenanceConfigurations" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.ContainerService.json#/resourceDefinitions/managedClusters_privateEndpointConnections" + }, { "$ref": "https://schema.management.azure.com/schemas/2018-09-01-preview/Microsoft.CustomProviders.json#/resourceDefinitions/resourceProviders" }, @@ -6532,6 +6556,27 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs_privateEndpointConnections" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_keys" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_privateEndpointConnections" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" + }, { "$ref": "https://schema.management.azure.com/schemas/2020-01-01-preview/Microsoft.Kubernetes.json#/resourceDefinitions/connectedClusters" }, @@ -6838,6 +6883,18 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-04-01/Microsoft.MachineLearningServices.json#/resourceDefinitions/workspaces_services" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.MachineLearningServices.json#/resourceDefinitions/workspaces" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.MachineLearningServices.json#/resourceDefinitions/workspaces_computes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.MachineLearningServices.json#/resourceDefinitions/workspaces_connections" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.MachineLearningServices.json#/resourceDefinitions/workspaces_privateEndpointConnections" + }, { "$ref": "https://schema.management.azure.com/schemas/2018-06-01-preview/Microsoft.Maintenance.json#/resourceDefinitions/maintenanceConfigurations" }, @@ -8455,18 +8512,6 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-01-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/unknown_resourceDefinitions/iotSensors" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-08-06-preview/Microsoft.Security.json#/unknown_resourceDefinitions/iotSites" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-07-01-preview/Microsoft.Security.json#/resourceDefinitions/securityConnectors" - }, { "$ref": "https://schema.management.azure.com/schemas/2015-08-01/Microsoft.ServiceBus.json#/resourceDefinitions/namespaces" }, @@ -8752,6 +8797,21 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-12-01-preview/Microsoft.ServiceFabric.json#/resourceDefinitions/clusters_applicationTypes_versions" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.ServiceFabric.json#/resourceDefinitions/clusters" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.ServiceFabric.json#/resourceDefinitions/clusters_applications" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.ServiceFabric.json#/resourceDefinitions/clusters_applications_services" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.ServiceFabric.json#/resourceDefinitions/clusters_applicationTypes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.ServiceFabric.json#/resourceDefinitions/clusters_applicationTypes_versions" + }, { "$ref": "https://schema.management.azure.com/schemas/2018-07-01-preview/Microsoft.ServiceFabricMesh.json#/resourceDefinitions/applications" }, diff --git a/swagger_to_sdk_config.json b/swagger_to_sdk_config.json index 1d48906fd0..f1da772956 100644 --- a/swagger_to_sdk_config.json +++ b/swagger_to_sdk_config.json @@ -1,5 +1,5 @@ { - "$schema": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/documentation/sdkautomation/SwaggerToSdkConfigSchema.json", + "$schema": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/main/documentation/sdkautomation/SwaggerToSdkConfigSchema.json", "initOptions": { "initScript": { "path": ".sdkauto/initScript.sh"