Merge pull request #1546 from robga/robga/policy

Onboarding auth RP for policy for autogeneration

Author: anthony-c-martin

generator/autogenlist.ts

@@ -4,6 +4,7 @@ import { postProcessor as resourcesPostProcessor } from './processors/Microsoft.
 import { postProcessor as machineLearningPostProcessor } from './processors/Microsoft.MachineLearning';
 import { postProcessor as machineLearningServicesPostProcessor } from './processors/Microsoft.MachineLearningServices';
 import { postProcessor as storageProcessor } from './processors/Microsoft.Storage';
+import { postProcessor as policyProcessor } from './processors/Microsoft.Authorization';
 import { lowerCaseEquals } from './utils';
 
 // Run "npm run list-basepaths" to discover all the valid readme files to add to this list
@@ -466,6 +467,33 @@ const autoGenList: AutoGenConfig[] = [
         ],
         postProcessor: resourcesPostProcessor,
     },
+    {
+        basePath: 'resources/resource-manager',
+        namespace: 'Microsoft.Authorization',
+        resourceConfig: [
+            {
+                type: 'policyDefinitions',
+                scopes: ScopeType.Tenant | ScopeType.ManagementGroup | ScopeType.Subcription,
+            },
+            {
+                type: 'policySetDefinitions',
+                scopes: ScopeType.Tenant | ScopeType.ManagementGroup | ScopeType.Subcription,
+            },
+            {
+                type: 'policyAssignments',
+                scopes: ScopeType.ManagementGroup | ScopeType.Subcription | ScopeType.ResourceGroup | ScopeType.Extension,
+            },
+            {
+                type: 'policyExemptions',
+                scopes: ScopeType.ManagementGroup | ScopeType.Subcription | ScopeType.ResourceGroup | ScopeType.Extension,
+            },
+            {
+                type: 'locks',
+                scopes: ScopeType.Subcription | ScopeType.ResourceGroup | ScopeType.Extension,
+            },
+        ],
+        postProcessor: policyProcessor
+    },
     {
         basePath: 'relay/resource-manager',
         namespace: 'Microsoft.Relay',

generator/processors/Microsoft.Authorization.ts

@@ -0,0 +1,41 @@
+import { SchemaPostProcessor } from '../models';
+
+export const postProcessor: SchemaPostProcessor = (_namespace: string, _apiVersion: string, schema: any) => {
+    const allowedValues = schema.definitions?.ParameterDefinitionsValue?.properties?.allowedValues;
+    if (allowedValues && allowedValues.oneOf) {
+        const allowedValuesItems = allowedValues.oneOf[0]?.items
+        removeObjectType(allowedValuesItems);
+    }
+  
+    const defaultValue = schema.definitions?.ParameterDefinitionsValue?.properties?.defaultValue;
+    removeObjectType(defaultValue);
+  
+    const assignmentParameter = schema.definitions?.PolicyAssignmentProperties?.properties?.parameters;
+    removeObjectType(assignmentParameter);
+    removeDataplaneParameterRestriction(assignmentParameter);
+
+    const definitionParameter = schema.definitions?.PolicyDefinitionProperties?.properties?.parameters;
+    removeObjectType(definitionParameter);
+    removeDataplaneParameterRestriction(definitionParameter);
+
+    const definitionReferenceParameter = schema.definitions?.PolicyDefinitionReference?.properties?.parameters;
+    removeObjectType(definitionReferenceParameter);
+    removeDataplaneParameterRestriction(definitionReferenceParameter);
+
+    const setDefinitionParameter = schema.definitions?.PolicySetDefinitionProperties?.properties?.parameters;
+    removeObjectType(setDefinitionParameter);
+    removeDataplaneParameterRestriction(setDefinitionParameter);
+}
+
+function removeObjectType(property: any) {
+    if (property && property['type'] && property['type'] === 'object') {
+        delete property['type'];
+        delete property['properties'];
+    }    
+}
+
+function removeDataplaneParameterRestriction(property: any) {
+    if (property?.oneOf && property.oneOf[0]?.additionalProperties && property.oneOf[0]['type'] === 'object') {
+        delete property['oneOf'];
+    }    
+}

schemas/2014-04-01-preview/deploymentTemplate.json

@@ -1,70 +1,157 @@
 {
-  "id": "https://schema.management.azure.com/schemas/2015-01-01/Microsoft.Authorization.json",
+  "id": "https://schema.management.azure.com/schemas/2015-01-01/Microsoft.Authorization.json#",
   "$schema": "http://json-schema.org/draft-04/schema#",
   "title": "Microsoft.Authorization",
-  "description": "Microsoft Microsoft.Authorization Resource Types",
+  "description": "Microsoft Authorization Resource Types",
   "resourceDefinitions": {
     "locks": {
       "type": "object",
       "properties": {
+        "apiVersion": {
+          "type": "string",
+          "enum": [
+            "2015-01-01"
+          ]
+        },
+        "name": {
+          "type": "string",
+          "description": "The lock name."
+        },
+        "properties": {
+          "oneOf": [
+            {
+              "$ref": "#/definitions/ManagementLockProperties"
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "The management lock properties."
+        },
         "type": {
+          "type": "string",
           "enum": [
             "Microsoft.Authorization/locks"
           ]
-        },
+        }
+      },
+      "required": [
+        "apiVersion",
+        "name",
+        "properties",
+        "type"
+      ],
+      "description": "Microsoft.Authorization/locks"
+    }
+  },
+  "subscription_resourceDefinitions": {
+    "locks": {
+      "type": "object",
+      "properties": {
         "apiVersion": {
+          "type": "string",
           "enum": [
             "2015-01-01"
           ]
         },
         "name": {
           "type": "string",
-          "minLength": 1,
-          "maxLength": 64,
-          "description": "Name of the lock"
-        },
-        "dependsOn": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "description": "Collection of resources this resource depends on"
+          "description": "The name of lock."
         },
         "properties": {
-          "type": "object",
-          "properties": {
-            "level": {
-              "oneOf": [
-                {
-                  "enum": [
-                    "CannotDelete",
-                    "ReadOnly"
-                  ] 
-                },
-                { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" }
-              ]
-              ,
-              "description": "Microsoft.Authorization/locks: level - specifies the type of lock to apply to the scope.  CanNotDelete allows modification but prevents deletion, ReadOnly prevents modification or deletion."
+          "oneOf": [
+            {
+              "$ref": "#/definitions/ManagementLockProperties"
             },
-            "notes": {
-              "type": "string",
-              "minLength": 1,
-              "maxLength": 512,
-              "description": "Microsoft.Authorization/locks: notes - user defined notes for the lock"
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
             }
-          },
-          "required": [
-            "level"
+          ],
+          "description": "The management lock properties."
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "Microsoft.Authorization/locks"
           ]
         }
       },
       "required": [
+        "apiVersion",
         "name",
-        "type",
+        "properties",
+        "type"
+      ],
+      "description": "Microsoft.Authorization/locks"
+    }
+  },
+  "extension_resourceDefinitions": {
+    "locks": {
+      "type": "object",
+      "properties": {
+        "apiVersion": {
+          "type": "string",
+          "enum": [
+            "2015-01-01"
+          ]
+        },
+        "name": {
+          "type": "string",
+          "description": "The name of lock."
+        },
+        "properties": {
+          "oneOf": [
+            {
+              "$ref": "#/definitions/ManagementLockProperties"
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "The management lock properties."
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "Microsoft.Authorization/locks"
+          ]
+        }
+      },
+      "required": [
         "apiVersion",
-        "properties"
+        "name",
+        "properties",
+        "type"
       ],
-      "description": "Microsoft.Authorization/locks resource"
+      "description": "Microsoft.Authorization/locks"
+    }
+  },
+  "definitions": {
+    "ManagementLockProperties": {
+      "type": "object",
+      "properties": {
+        "level": {
+          "oneOf": [
+            {
+              "type": "string",
+              "enum": [
+                "NotSpecified",
+                "CanNotDelete",
+                "ReadOnly"
+              ]
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "The lock level of the management lock."
+        },
+        "notes": {
+          "type": "string",
+          "description": "The notes of the management lock."
+        }
+      },
+      "description": "The management lock properties."
     }
   }
 }