diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_configuration.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_configuration.py index 487fb38b8695..e798f6322b4f 100644 --- a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_configuration.py +++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_configuration.py @@ -21,14 +21,18 @@ class PolicyInsightsClientConfiguration(AzureConfiguration): :param credentials: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials object` + :param subscription_id2: The ID of the target subscription. + :type subscription_id2: str :param str base_url: Service URL """ def __init__( - self, credentials, base_url=None): + self, credentials, subscription_id2, base_url=None): if credentials is None: raise ValueError("Parameter 'credentials' must not be None.") + if subscription_id2 is None: + raise ValueError("Parameter 'subscription_id2' must not be None.") if not base_url: base_url = 'https://management.azure.com' @@ -41,3 +45,4 @@ def __init__( self.add_user_agent('Azure-SDK-For-Python') self.credentials = credentials + self.subscription_id2 = subscription_id2 diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_policy_insights_client.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_policy_insights_client.py index 7891933e6482..f901d9347e6c 100644 --- a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_policy_insights_client.py +++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/_policy_insights_client.py @@ -19,6 +19,7 @@ from .operations import PolicyStatesOperations from .operations import Operations from .operations import PolicyMetadataOperations +from .operations import PolicyRestrictionsOperations from . import models 
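Review bot: Inserting the required `subscription_id2` ahead of `base_url` in `PolicyInsightsClientConfiguration.__init__` means an existing call that passes the service URL as the second positional argument now binds it to `subscription_id2`, passes the `is None` check, and falls through to the `'https://management.azure.com'` default without any error. A caller that targets a different endpoint would then send credentialed requests to the default one; the same reordering is made in `PolicyInsightsClient.__init__` in `_policy_insights_client.py`. Appending the parameter keeps old positional calls bound correctly, `self, credentials, base_url=None, subscription_id2=None):`, with the existing `ValueError` guard still rejecting a missing value. The `2` suffix looks like a name-collision artifact, so if this file is generated the fix probably belongs in the API spec or generator settings. The body of `__init__` continues outside the hunk.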
@@ -40,17 +41,21 @@ class PolicyInsightsClient(SDKClient): :vartype operations: azure.mgmt.policyinsights.operations.Operations :ivar policy_metadata: PolicyMetadata operations :vartype policy_metadata: azure.mgmt.policyinsights.operations.PolicyMetadataOperations + :ivar policy_restrictions: PolicyRestrictions operations + :vartype policy_restrictions: azure.mgmt.policyinsights.operations.PolicyRestrictionsOperations :param credentials: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials object` + :param subscription_id2: The ID of the target subscription. + :type subscription_id2: str :param str base_url: Service URL """ def __init__( - self, credentials, base_url=None): + self, credentials, subscription_id2, base_url=None): - self.config = PolicyInsightsClientConfiguration(credentials, base_url) + self.config = PolicyInsightsClientConfiguration(credentials, subscription_id2, base_url) super(PolicyInsightsClient, self).__init__(self.config.credentials, self.config) client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} @@ -69,3 +74,5 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.policy_metadata = PolicyMetadataOperations( self._client, self.config, self._serialize, self._deserialize) + self.policy_restrictions = PolicyRestrictionsOperations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/__init__.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/__init__.py index d1f747978980..50938839deea 100644 --- a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/__init__.py +++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/__init__.py 
@@ -10,23 +10,32 @@ # -------------------------------------------------------------------------- try: + from ._models_py3 import CheckRestrictionsRequest + from ._models_py3 import CheckRestrictionsResourceDetails + from ._models_py3 import CheckRestrictionsResult + from ._models_py3 import CheckRestrictionsResultContentEvaluationResult from ._models_py3 import ComplianceDetail from ._models_py3 import ComponentEventDetails from ._models_py3 import ComponentStateDetails from ._models_py3 import ErrorDefinition from ._models_py3 import ErrorResponse, ErrorResponseException from ._models_py3 import ExpressionEvaluationDetails + from ._models_py3 import FieldRestriction + from ._models_py3 import FieldRestrictions from ._models_py3 import IfNotExistsEvaluationDetails from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import OperationsListResults + from ._models_py3 import PendingField from ._models_py3 import PolicyAssignmentSummary from ._models_py3 import PolicyDefinitionSummary from ._models_py3 import PolicyDetails from ._models_py3 import PolicyEvaluationDetails + from ._models_py3 import PolicyEvaluationResult from ._models_py3 import PolicyEvent from ._models_py3 import PolicyGroupSummary from ._models_py3 import PolicyMetadata + from ._models_py3 import PolicyReference from ._models_py3 import PolicyState from ._models_py3 import PolicyTrackedResource from ._models_py3 import QueryFailure, QueryFailureException 
@@ -43,23 +52,32 @@ from ._models_py3 import TrackedResourceModificationDetails from ._models_py3 import TypedErrorInfo except (SyntaxError, ImportError): + from ._models import CheckRestrictionsRequest + from ._models import CheckRestrictionsResourceDetails + from ._models import CheckRestrictionsResult + from ._models import CheckRestrictionsResultContentEvaluationResult from ._models import ComplianceDetail from ._models import ComponentEventDetails from ._models import ComponentStateDetails from ._models import ErrorDefinition from ._models import ErrorResponse, ErrorResponseException from ._models import ExpressionEvaluationDetails + from ._models import FieldRestriction + from ._models import FieldRestrictions from ._models import IfNotExistsEvaluationDetails from ._models import Operation from ._models import OperationDisplay from ._models import OperationsListResults + from ._models import PendingField from ._models import PolicyAssignmentSummary from ._models import PolicyDefinitionSummary from ._models import PolicyDetails from ._models import PolicyEvaluationDetails + from ._models import PolicyEvaluationResult from ._models import PolicyEvent from ._models import PolicyGroupSummary from ._models import PolicyMetadata + from ._models import PolicyReference from ._models import PolicyState from ._models import PolicyTrackedResource from ._models import QueryFailure, QueryFailureException 
@@ -83,27 +101,37 @@ from ._paged_models import SlimPolicyMetadataPaged from ._policy_insights_client_enums import ( ResourceDiscoveryMode, + FieldRestrictionResult, PolicyStatesResource, ) __all__ = [ + 'CheckRestrictionsRequest', + 'CheckRestrictionsResourceDetails', + 'CheckRestrictionsResult', + 'CheckRestrictionsResultContentEvaluationResult', 'ComplianceDetail', 'ComponentEventDetails', 'ComponentStateDetails', 'ErrorDefinition', 'ErrorResponse', 'ErrorResponseException', 'ExpressionEvaluationDetails', + 'FieldRestriction', + 'FieldRestrictions', 'IfNotExistsEvaluationDetails', 'Operation', 'OperationDisplay', 'OperationsListResults', + 'PendingField', 'PolicyAssignmentSummary', 'PolicyDefinitionSummary', 'PolicyDetails', 'PolicyEvaluationDetails', + 'PolicyEvaluationResult', 'PolicyEvent', 'PolicyGroupSummary', 'PolicyMetadata', + 'PolicyReference', 'PolicyState', 'PolicyTrackedResource', 'QueryFailure', 'QueryFailureException', @@ -126,5 +154,6 @@ 'PolicyStatePaged', 'SlimPolicyMetadataPaged', 'ResourceDiscoveryMode', + 'FieldRestrictionResult', 'PolicyStatesResource', ] diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models.py index 410b4d0a4c69..186341399f7a 100644 --- a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models.py +++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models.py 
@@ -13,6 +13,121 @@ from msrest.exceptions import HttpOperationError +class CheckRestrictionsRequest(Model): + """The check policy restrictions parameters describing the resource that is + being evaluated. + + All required parameters must be populated in order to send to Azure. + + :param resource_details: Required. The information about the resource that + will be evaluated. + :type resource_details: + ~azure.mgmt.policyinsights.models.CheckRestrictionsResourceDetails + :param pending_fields: The list of fields and values that should be + evaluated for potential restrictions. + :type pending_fields: list[~azure.mgmt.policyinsights.models.PendingField] + """ + + _validation = { + 'resource_details': {'required': True}, + } + + _attribute_map = { + 'resource_details': {'key': 'resourceDetails', 'type': 'CheckRestrictionsResourceDetails'}, + 'pending_fields': {'key': 'pendingFields', 'type': '[PendingField]'}, + } + + def __init__(self, **kwargs): + super(CheckRestrictionsRequest, self).__init__(**kwargs) + self.resource_details = kwargs.get('resource_details', None) + self.pending_fields = kwargs.get('pending_fields', None) + + +class CheckRestrictionsResourceDetails(Model): + """The information about the resource that will be evaluated. + + All required parameters must be populated in order to send to Azure. + + :param resource_content: Required. The resource content. This should + include whatever properties are already known and can be a partial set of + all resource properties. + :type resource_content: object + :param api_version: The api-version of the resource content. + :type api_version: str + :param scope: The scope where the resource is being created. For example, + if the resource is a child resource this would be the parent resource's + resource ID. 
+ :type scope: str + """ + + _validation = { + 'resource_content': {'required': True}, + } + + _attribute_map = { + 'resource_content': {'key': 'resourceContent', 'type': 'object'}, + 'api_version': {'key': 'apiVersion', 'type': 'str'}, + 'scope': {'key': 'scope', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CheckRestrictionsResourceDetails, self).__init__(**kwargs) + self.resource_content = kwargs.get('resource_content', None) + self.api_version = kwargs.get('api_version', None) + self.scope = kwargs.get('scope', None) + + +class CheckRestrictionsResult(Model): + """The result of a check policy restrictions evaluation on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar field_restrictions: The restrictions that will be placed on various + fields in the resource by policy. + :vartype field_restrictions: + list[~azure.mgmt.policyinsights.models.FieldRestrictions] + :ivar content_evaluation_result: Evaluation results for the provided + partial resource content. + :vartype content_evaluation_result: + ~azure.mgmt.policyinsights.models.CheckRestrictionsResultContentEvaluationResult + """ + + _validation = { + 'field_restrictions': {'readonly': True}, + 'content_evaluation_result': {'readonly': True}, + } + + _attribute_map = { + 'field_restrictions': {'key': 'fieldRestrictions', 'type': '[FieldRestrictions]'}, + 'content_evaluation_result': {'key': 'contentEvaluationResult', 'type': 'CheckRestrictionsResultContentEvaluationResult'}, + } + + def __init__(self, **kwargs): + super(CheckRestrictionsResult, self).__init__(**kwargs) + self.field_restrictions = None + self.content_evaluation_result = None + + +class CheckRestrictionsResultContentEvaluationResult(Model): + """Evaluation results for the provided partial resource content. + + :param policy_evaluations: Policy evaluation results against the given + resource content. 
This will indicate if the partial content that was + provided will be denied as-is. + :type policy_evaluations: + list[~azure.mgmt.policyinsights.models.PolicyEvaluationResult] + """ + + _attribute_map = { + 'policy_evaluations': {'key': 'policyEvaluations', 'type': '[PolicyEvaluationResult]'}, + } + + def __init__(self, **kwargs): + super(CheckRestrictionsResultContentEvaluationResult, self).__init__(**kwargs) + self.policy_evaluations = kwargs.get('policy_evaluations', None) + + class CloudError(Model): """CloudError. """ @@ -200,10 +315,15 @@ def __init__(self, deserialize, response, *args): class ExpressionEvaluationDetails(Model): """Evaluation details of policy language expressions. + Variables are only populated by the server, and will be ignored when + sending a request. + :param result: Evaluation result. :type result: str :param expression: Expression evaluated. :type expression: str + :ivar expression_kind: The kind of expression that was evaluated. + :vartype expression_kind: str :param path: Property path if the expression is a field or an alias. :type path: str :param expression_value: Value of the expression. @@ -216,9 +336,14 @@ class ExpressionEvaluationDetails(Model): :type operator: str """ + _validation = { + 'expression_kind': {'readonly': True}, + } + _attribute_map = { 'result': {'key': 'result', 'type': 'str'}, 'expression': {'key': 'expression', 'type': 'str'}, + 'expression_kind': {'key': 'expressionKind', 'type': 'str'}, 'path': {'key': 'path', 'type': 'str'}, 'expression_value': {'key': 'expressionValue', 'type': 'object'}, 'target_value': {'key': 'targetValue', 'type': 'object'}, 
@@ -229,12 +354,85 @@ def __init__(self, **kwargs): super(ExpressionEvaluationDetails, self).__init__(**kwargs) self.result = kwargs.get('result', None) self.expression = kwargs.get('expression', None) + self.expression_kind = None self.path = kwargs.get('path', None) self.expression_value = kwargs.get('expression_value', None) self.target_value = kwargs.get('target_value', None) self.operator = kwargs.get('operator', None) +class FieldRestriction(Model): + """The restrictions on a field imposed by a specific policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar result: The type of restriction that is imposed on the field. + Possible values include: 'Required', 'Removed', 'Deny' + :vartype result: str or + ~azure.mgmt.policyinsights.models.FieldRestrictionResult + :ivar default_value: The value that policy will set for the field if the + user does not provide a value. + :vartype default_value: str + :ivar values: The values that policy either requires or denies for the + field. + :vartype values: list[str] + :ivar policy: The details of the policy that is causing the field + restriction. + :vartype policy: ~azure.mgmt.policyinsights.models.PolicyReference + """ + + _validation = { + 'result': {'readonly': True}, + 'default_value': {'readonly': True}, + 'values': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'result': {'key': 'result', 'type': 'str'}, + 'default_value': {'key': 'defaultValue', 'type': 'str'}, + 'values': {'key': 'values', 'type': '[str]'}, + 'policy': {'key': 'policy', 'type': 'PolicyReference'}, + } + + def __init__(self, **kwargs): + super(FieldRestriction, self).__init__(**kwargs) + self.result = None + self.default_value = None + self.values = None + self.policy = None + + +class FieldRestrictions(Model): + """The restrictions that will be placed on a field in the resource by policy. 
+ + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar field: The name of the field. This can be a top-level property like + 'name' or 'type' or an Azure Policy field alias. + :vartype field: str + :param restrictions: The restrictions placed on that field by policy. + :type restrictions: + list[~azure.mgmt.policyinsights.models.FieldRestriction] + """ + + _validation = { + 'field': {'readonly': True}, + } + + _attribute_map = { + 'field': {'key': 'field', 'type': 'str'}, + 'restrictions': {'key': 'restrictions', 'type': '[FieldRestriction]'}, + } + + def __init__(self, **kwargs): + super(FieldRestrictions, self).__init__(**kwargs) + self.field = None + self.restrictions = kwargs.get('restrictions', None) + + class IfNotExistsEvaluationDetails(Model): """Evaluation details of IfNotExists effect. @@ -330,6 +528,35 @@ def __init__(self, **kwargs): self.value = kwargs.get('value', None) +class PendingField(Model): + """A field that should be evaluated against Azure Policy to determine + restrictions. + + All required parameters must be populated in order to send to Azure. + + :param field: Required. The name of the field. This can be a top-level + property like 'name' or 'type' or an Azure Policy field alias. + :type field: str + :param values: The list of potential values for the field that should be + evaluated against Azure Policy. + :type values: list[str] + """ + + _validation = { + 'field': {'required': True}, + } + + _attribute_map = { + 'field': {'key': 'field', 'type': 'str'}, + 'values': {'key': 'values', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(PendingField, self).__init__(**kwargs) + self.field = kwargs.get('field', None) + self.values = kwargs.get('values', None) + + class PolicyAssignmentSummary(Model): """Policy assignment summary. 
@@ -469,6 +696,44 @@ def __init__(self, **kwargs): self.if_not_exists_details = kwargs.get('if_not_exists_details', None) +class PolicyEvaluationResult(Model): + """The result of a non-compliant policy evaluation against the given resource + content. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar policy_info: The details of the policy that was evaluated. + :vartype policy_info: ~azure.mgmt.policyinsights.models.PolicyReference + :ivar evaluation_result: The result of the policy evaluation against the + resource. This will typically be 'NonCompliant' but may contain other + values if errors were encountered. + :vartype evaluation_result: str + :ivar evaluation_details: The detailed results of the policy expressions + and values that were evaluated. + :vartype evaluation_details: + ~azure.mgmt.policyinsights.models.PolicyEvaluationDetails + """ + + _validation = { + 'policy_info': {'readonly': True}, + 'evaluation_result': {'readonly': True}, + 'evaluation_details': {'readonly': True}, + } + + _attribute_map = { + 'policy_info': {'key': 'policyInfo', 'type': 'PolicyReference'}, + 'evaluation_result': {'key': 'evaluationResult', 'type': 'str'}, + 'evaluation_details': {'key': 'evaluationDetails', 'type': 'PolicyEvaluationDetails'}, + } + + def __init__(self, **kwargs): + super(PolicyEvaluationResult, self).__init__(**kwargs) + self.policy_info = None + self.evaluation_result = None + self.evaluation_details = None + + class PolicyEvent(Model): """Policy event record. 
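Review bot: The `evaluation_result` docstring in `PolicyEvaluationResult` says the value "will typically be 'NonCompliant' but may contain other values if errors were encountered", yet it neither lists those values nor says how a caller should read them. Code that uses this result to decide whether a resource may be deployed could take an error value for a pass, so I would add a sentence such as `Any value other than 'NonCompliant' indicates the evaluation did not complete and must not be treated as compliant.` once the service contract confirms it. The identical docstring is added in the `_models_py3.py` hunk at `@@ -469,6 +696,44 @@` and needs the same wording.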
@@ -720,6 +985,48 @@ def __init__(self, **kwargs): self.name = None +class PolicyReference(Model): + """Resource identifiers for a policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar policy_definition_id: The resource identifier of the policy + definition. + :vartype policy_definition_id: str + :ivar policy_set_definition_id: The resource identifier of the policy set + definition. + :vartype policy_set_definition_id: str + :ivar policy_definition_reference_id: The reference identifier of a + specific policy definition within a policy set definition. + :vartype policy_definition_reference_id: str + :ivar policy_assignment_id: The resource identifier of the policy + assignment. + :vartype policy_assignment_id: str + """ + + _validation = { + 'policy_definition_id': {'readonly': True}, + 'policy_set_definition_id': {'readonly': True}, + 'policy_definition_reference_id': {'readonly': True}, + 'policy_assignment_id': {'readonly': True}, + } + + _attribute_map = { + 'policy_definition_id': {'key': 'policyDefinitionId', 'type': 'str'}, + 'policy_set_definition_id': {'key': 'policySetDefinitionId', 'type': 'str'}, + 'policy_definition_reference_id': {'key': 'policyDefinitionReferenceId', 'type': 'str'}, + 'policy_assignment_id': {'key': 'policyAssignmentId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(PolicyReference, self).__init__(**kwargs) + self.policy_definition_id = None + self.policy_set_definition_id = None + self.policy_definition_reference_id = None + self.policy_assignment_id = None + + class PolicyState(Model): """Policy state record. diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models_py3.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models_py3.py index af8ff3b760a8..a91eafa87618 100644 --- a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models_py3.py 
+++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_models_py3.py 
@@ -13,6 +13,121 @@ from msrest.exceptions import HttpOperationError +class CheckRestrictionsRequest(Model): + """The check policy restrictions parameters describing the resource that is + being evaluated. + + All required parameters must be populated in order to send to Azure. + + :param resource_details: Required. The information about the resource that + will be evaluated. + :type resource_details: + ~azure.mgmt.policyinsights.models.CheckRestrictionsResourceDetails + :param pending_fields: The list of fields and values that should be + evaluated for potential restrictions. + :type pending_fields: list[~azure.mgmt.policyinsights.models.PendingField] + """ + + _validation = { + 'resource_details': {'required': True}, + } + + _attribute_map = { + 'resource_details': {'key': 'resourceDetails', 'type': 'CheckRestrictionsResourceDetails'}, + 'pending_fields': {'key': 'pendingFields', 'type': '[PendingField]'}, + } + + def __init__(self, *, resource_details, pending_fields=None, **kwargs) -> None: + super(CheckRestrictionsRequest, self).__init__(**kwargs) + self.resource_details = resource_details + self.pending_fields = pending_fields + + +class CheckRestrictionsResourceDetails(Model): + """The information about the resource that will be evaluated. + + All required parameters must be populated in order to send to Azure. + + :param resource_content: Required. The resource content. This should + include whatever properties are already known and can be a partial set of + all resource properties. + :type resource_content: object + :param api_version: The api-version of the resource content. + :type api_version: str + :param scope: The scope where the resource is being created. For example, + if the resource is a child resource this would be the parent resource's + resource ID. 
+ :type scope: str + """ + + _validation = { + 'resource_content': {'required': True}, + } + + _attribute_map = { + 'resource_content': {'key': 'resourceContent', 'type': 'object'}, + 'api_version': {'key': 'apiVersion', 'type': 'str'}, + 'scope': {'key': 'scope', 'type': 'str'}, + } + + def __init__(self, *, resource_content, api_version: str=None, scope: str=None, **kwargs) -> None: + super(CheckRestrictionsResourceDetails, self).__init__(**kwargs) + self.resource_content = resource_content + self.api_version = api_version + self.scope = scope + + +class CheckRestrictionsResult(Model): + """The result of a check policy restrictions evaluation on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar field_restrictions: The restrictions that will be placed on various + fields in the resource by policy. + :vartype field_restrictions: + list[~azure.mgmt.policyinsights.models.FieldRestrictions] + :ivar content_evaluation_result: Evaluation results for the provided + partial resource content. + :vartype content_evaluation_result: + ~azure.mgmt.policyinsights.models.CheckRestrictionsResultContentEvaluationResult + """ + + _validation = { + 'field_restrictions': {'readonly': True}, + 'content_evaluation_result': {'readonly': True}, + } + + _attribute_map = { + 'field_restrictions': {'key': 'fieldRestrictions', 'type': '[FieldRestrictions]'}, + 'content_evaluation_result': {'key': 'contentEvaluationResult', 'type': 'CheckRestrictionsResultContentEvaluationResult'}, + } + + def __init__(self, **kwargs) -> None: + super(CheckRestrictionsResult, self).__init__(**kwargs) + self.field_restrictions = None + self.content_evaluation_result = None + + +class CheckRestrictionsResultContentEvaluationResult(Model): + """Evaluation results for the provided partial resource content. + + :param policy_evaluations: Policy evaluation results against the given + resource content. 
This will indicate if the partial content that was + provided will be denied as-is. + :type policy_evaluations: + list[~azure.mgmt.policyinsights.models.PolicyEvaluationResult] + """ + + _attribute_map = { + 'policy_evaluations': {'key': 'policyEvaluations', 'type': '[PolicyEvaluationResult]'}, + } + + def __init__(self, *, policy_evaluations=None, **kwargs) -> None: + super(CheckRestrictionsResultContentEvaluationResult, self).__init__(**kwargs) + self.policy_evaluations = policy_evaluations + + class CloudError(Model): """CloudError. """ @@ -200,10 +315,15 @@ def __init__(self, deserialize, response, *args): class ExpressionEvaluationDetails(Model): """Evaluation details of policy language expressions. + Variables are only populated by the server, and will be ignored when + sending a request. + :param result: Evaluation result. :type result: str :param expression: Expression evaluated. :type expression: str + :ivar expression_kind: The kind of expression that was evaluated. + :vartype expression_kind: str :param path: Property path if the expression is a field or an alias. :type path: str :param expression_value: Value of the expression. @@ -216,9 +336,14 @@ class ExpressionEvaluationDetails(Model): :type operator: str """ + _validation = { + 'expression_kind': {'readonly': True}, + } + _attribute_map = { 'result': {'key': 'result', 'type': 'str'}, 'expression': {'key': 'expression', 'type': 'str'}, + 'expression_kind': {'key': 'expressionKind', 'type': 'str'}, 'path': {'key': 'path', 'type': 'str'}, 'expression_value': {'key': 'expressionValue', 'type': 'object'}, 'target_value': {'key': 'targetValue', 'type': 'object'}, 
@@ -229,12 +354,85 @@ def __init__(self, *, result: str=None, expression: str=None, path: str=None, ex super(ExpressionEvaluationDetails, self).__init__(**kwargs) self.result = result self.expression = expression + self.expression_kind = None self.path = path self.expression_value = expression_value self.target_value = target_value self.operator = operator +class FieldRestriction(Model): + """The restrictions on a field imposed by a specific policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar result: The type of restriction that is imposed on the field. + Possible values include: 'Required', 'Removed', 'Deny' + :vartype result: str or + ~azure.mgmt.policyinsights.models.FieldRestrictionResult + :ivar default_value: The value that policy will set for the field if the + user does not provide a value. + :vartype default_value: str + :ivar values: The values that policy either requires or denies for the + field. + :vartype values: list[str] + :ivar policy: The details of the policy that is causing the field + restriction. + :vartype policy: ~azure.mgmt.policyinsights.models.PolicyReference + """ + + _validation = { + 'result': {'readonly': True}, + 'default_value': {'readonly': True}, + 'values': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'result': {'key': 'result', 'type': 'str'}, + 'default_value': {'key': 'defaultValue', 'type': 'str'}, + 'values': {'key': 'values', 'type': '[str]'}, + 'policy': {'key': 'policy', 'type': 'PolicyReference'}, + } + + def __init__(self, **kwargs) -> None: + super(FieldRestriction, self).__init__(**kwargs) + self.result = None + self.default_value = None + self.values = None + self.policy = None + + +class FieldRestrictions(Model): + """The restrictions that will be placed on a field in the resource by policy. + + Variables are only populated by the server, and will be ignored when + sending a request. 
+ + :ivar field: The name of the field. This can be a top-level property like + 'name' or 'type' or an Azure Policy field alias. + :vartype field: str + :param restrictions: The restrictions placed on that field by policy. + :type restrictions: + list[~azure.mgmt.policyinsights.models.FieldRestriction] + """ + + _validation = { + 'field': {'readonly': True}, + } + + _attribute_map = { + 'field': {'key': 'field', 'type': 'str'}, + 'restrictions': {'key': 'restrictions', 'type': '[FieldRestriction]'}, + } + + def __init__(self, *, restrictions=None, **kwargs) -> None: + super(FieldRestrictions, self).__init__(**kwargs) + self.field = None + self.restrictions = restrictions + + class IfNotExistsEvaluationDetails(Model): """Evaluation details of IfNotExists effect. @@ -330,6 +528,35 @@ def __init__(self, *, odatacount: int=None, value=None, **kwargs) -> None: self.value = value +class PendingField(Model): + """A field that should be evaluated against Azure Policy to determine + restrictions. + + All required parameters must be populated in order to send to Azure. + + :param field: Required. The name of the field. This can be a top-level + property like 'name' or 'type' or an Azure Policy field alias. + :type field: str + :param values: The list of potential values for the field that should be + evaluated against Azure Policy. + :type values: list[str] + """ + + _validation = { + 'field': {'required': True}, + } + + _attribute_map = { + 'field': {'key': 'field', 'type': 'str'}, + 'values': {'key': 'values', 'type': '[str]'}, + } + + def __init__(self, *, field: str, values=None, **kwargs) -> None: + super(PendingField, self).__init__(**kwargs) + self.field = field + self.values = values + + class PolicyAssignmentSummary(Model): """Policy assignment summary. 
@@ -469,6 +696,44 @@ def __init__(self, *, evaluated_expressions=None, if_not_exists_details=None, ** self.if_not_exists_details = if_not_exists_details +class PolicyEvaluationResult(Model): + """The result of a non-compliant policy evaluation against the given resource + content. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar policy_info: The details of the policy that was evaluated. + :vartype policy_info: ~azure.mgmt.policyinsights.models.PolicyReference + :ivar evaluation_result: The result of the policy evaluation against the + resource. This will typically be 'NonCompliant' but may contain other + values if errors were encountered. + :vartype evaluation_result: str + :ivar evaluation_details: The detailed results of the policy expressions + and values that were evaluated. + :vartype evaluation_details: + ~azure.mgmt.policyinsights.models.PolicyEvaluationDetails + """ + + _validation = { + 'policy_info': {'readonly': True}, + 'evaluation_result': {'readonly': True}, + 'evaluation_details': {'readonly': True}, + } + + _attribute_map = { + 'policy_info': {'key': 'policyInfo', 'type': 'PolicyReference'}, + 'evaluation_result': {'key': 'evaluationResult', 'type': 'str'}, + 'evaluation_details': {'key': 'evaluationDetails', 'type': 'PolicyEvaluationDetails'}, + } + + def __init__(self, **kwargs) -> None: + super(PolicyEvaluationResult, self).__init__(**kwargs) + self.policy_info = None + self.evaluation_result = None + self.evaluation_details = None + + class PolicyEvent(Model): """Policy event record. 
@@ -720,6 +985,48 @@ def __init__(self, **kwargs) -> None: self.name = None +class PolicyReference(Model): + """Resource identifiers for a policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar policy_definition_id: The resource identifier of the policy + definition. + :vartype policy_definition_id: str + :ivar policy_set_definition_id: The resource identifier of the policy set + definition. + :vartype policy_set_definition_id: str + :ivar policy_definition_reference_id: The reference identifier of a + specific policy definition within a policy set definition. + :vartype policy_definition_reference_id: str + :ivar policy_assignment_id: The resource identifier of the policy + assignment. + :vartype policy_assignment_id: str + """ + + _validation = { + 'policy_definition_id': {'readonly': True}, + 'policy_set_definition_id': {'readonly': True}, + 'policy_definition_reference_id': {'readonly': True}, + 'policy_assignment_id': {'readonly': True}, + } + + _attribute_map = { + 'policy_definition_id': {'key': 'policyDefinitionId', 'type': 'str'}, + 'policy_set_definition_id': {'key': 'policySetDefinitionId', 'type': 'str'}, + 'policy_definition_reference_id': {'key': 'policyDefinitionReferenceId', 'type': 'str'}, + 'policy_assignment_id': {'key': 'policyAssignmentId', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(PolicyReference, self).__init__(**kwargs) + self.policy_definition_id = None + self.policy_set_definition_id = None + self.policy_definition_reference_id = None + self.policy_assignment_id = None + + class PolicyState(Model): """Policy state record. diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_policy_insights_client_enums.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_policy_insights_client_enums.py index 887a3cd293b8..163b1827381d 100644 
--- a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_policy_insights_client_enums.py +++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/models/_policy_insights_client_enums.py @@ -18,6 +18,13 @@ class ResourceDiscoveryMode(str, Enum): re_evaluate_compliance = "ReEvaluateCompliance" #: Re-evaluate the compliance state of resources and then remediate the resources found to be non-compliant. +class FieldRestrictionResult(str, Enum): + + required = "Required" #: The field and/or values are required by policy. + removed = "Removed" #: The field will be removed by policy. + deny = "Deny" #: The field and/or values will be denied by policy. + + class PolicyStatesResource(str, Enum): default = "default" diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/operations/__init__.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/operations/__init__.py index 65d536557fe1..06de99f5766e 100644 --- a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/operations/__init__.py +++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/operations/__init__.py @@ -15,6 +15,7 @@ from ._policy_states_operations import PolicyStatesOperations from ._operations import Operations from ._policy_metadata_operations import PolicyMetadataOperations +from ._policy_restrictions_operations import PolicyRestrictionsOperations __all__ = [ 'PolicyTrackedResourcesOperations', @@ -23,4 +24,5 @@ 'PolicyStatesOperations', 'Operations', 'PolicyMetadataOperations', + 'PolicyRestrictionsOperations', ] diff --git a/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/operations/_policy_restrictions_operations.py b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/operations/_policy_restrictions_operations.py new file mode 100644 index 000000000000..f089f2afc872 --- /dev/null 
+++ b/sdk/policyinsights/azure-mgmt-policyinsights/azure/mgmt/policyinsights/operations/_policy_restrictions_operations.py 
@@ -0,0 +1,186 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse + +from .. import models + + +class PolicyRestrictionsOperations(object): + """PolicyRestrictionsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: The API version to use for this operation. Constant value: "2020-07-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-07-01" + + self.config = config + + def check_at_subscription_scope( + self, subscription_id, resource_details, pending_fields=None, custom_headers=None, raw=False, **operation_config): + """Checks what restrictions Azure Policy will place on a resource within a + subscription. + + :param subscription_id: The ID of the target subscription. + :type subscription_id: str + :param resource_details: The information about the resource that will + be evaluated. + :type resource_details: + ~azure.mgmt.policyinsights.models.CheckRestrictionsResourceDetails + :param pending_fields: The list of fields and values that should be + evaluated for potential restrictions. 
+ :type pending_fields: + list[~azure.mgmt.policyinsights.models.PendingField] + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: CheckRestrictionsResult or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.policyinsights.models.CheckRestrictionsResult or + ~msrest.pipeline.ClientRawResponse + :raises: + :class:`ErrorResponseException` + """ + parameters = models.CheckRestrictionsRequest(resource_details=resource_details, pending_fields=pending_fields) + + # Construct URL + url = self.check_at_subscription_scope.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("subscription_id", subscription_id, 'str', min_length=1) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str', min_length=1) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'CheckRestrictionsRequest') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + raise models.ErrorResponseException(self._deserialize, 
response) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CheckRestrictionsResult', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + check_at_subscription_scope.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions'} + + def check_at_resource_group_scope( + self, subscription_id, resource_group_name, resource_details, pending_fields=None, custom_headers=None, raw=False, **operation_config): + """Checks what restrictions Azure Policy will place on a resource within a + resource group. Use this when the resource group the resource will be + created in is already known. + + :param subscription_id: The ID of the target subscription. + :type subscription_id: str + :param resource_group_name: The name of the resource group. The name + is case insensitive. + :type resource_group_name: str + :param resource_details: The information about the resource that will + be evaluated. + :type resource_details: + ~azure.mgmt.policyinsights.models.CheckRestrictionsResourceDetails + :param pending_fields: The list of fields and values that should be + evaluated for potential restrictions. + :type pending_fields: + list[~azure.mgmt.policyinsights.models.PendingField] + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. 
+ :return: CheckRestrictionsResult or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.policyinsights.models.CheckRestrictionsResult or + ~msrest.pipeline.ClientRawResponse + :raises: + :class:`ErrorResponseException` + """ + parameters = models.CheckRestrictionsRequest(resource_details=resource_details, pending_fields=pending_fields) + + # Construct URL + url = self.check_at_resource_group_scope.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("subscription_id", subscription_id, 'str', min_length=1), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str', min_length=1) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'CheckRestrictionsRequest') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + raise models.ErrorResponseException(self._deserialize, response) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CheckRestrictionsResult', response) + + if raw: + 
client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + check_at_resource_group_scope.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions'}