TypeSpec conversion for Purview Policy (Azure#26460)

* Initial Purview Policy TypeSpec conversion * Update examples * Fixing doc, ProxyResource and other fixes * Fixing output * Fixing example values * fix example values * Fixing addition of name * Fixing prettier on example json * Adding {scope} backcompat override * Fix model validation * Fixing model errors * Fixing format error * Work around scope size bug
ericasp16 · Feb 15, 2024 · bbcbeaf · bbcbeaf
1 parent cec34cc
commit bbcbeaf
Show file tree

Hide file tree

Showing 12 changed files with 570 additions and 214 deletions.
diff --git a/specification/purviewpolicy/PurviewPolicy.Management/backcompat.tsp b/specification/purviewpolicy/PurviewPolicy.Management/backcompat.tsp
@@ -0,0 +1,15 @@
+import "@typespec/http";
+import "@azure-tools/typespec-azure-resource-manager";
+
+using TypeSpec.Http;
+using Azure.ResourceManager;
+
+@@path(ResourceUriParameter.resourceUri, "scope");
+@@Azure.ResourceManager.Private.armCommonParameter(ResourceUriParameter.resourceUri,
+  "ScopeParameter",
+  Azure.ResourceManager.CommonTypes.Versions.v5
+);
+
+@@doc(Azure.ResourceManager.ResourceUriParameter.resourceUri,
+  "The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'"
+);
diff --git a/.../PurviewPolicy.Management/examples/2023-06-01-preview/Operations_List_MaximumSet_Gen.json b/.../PurviewPolicy.Management/examples/2023-06-01-preview/Operations_List_MaximumSet_Gen.json
@@ -0,0 +1,28 @@
+{
+  "title": "Operations_List - generated by [MaximumSet] rule - generated by [MaximumSet] rule",
+  "operationId": "Operations_List",
+  "parameters": {
+    "api-version": "2023-06-01-preview"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "name": "Microsoft.Purview/operations/read",
+            "display": {
+              "provider": "Microsoft Purview",
+              "resource": "Operations",
+              "operation": "Read all operations",
+              "description": "ybbxwadhxjnogglp"
+            },
+            "isDataAction": true,
+            "origin": "user",
+            "actionType": "Internal"
+          }
+        ],
+        "nextLink": "https://management.azure.com/providers/Microsoft.Purview/operations?api-version=2023-06-01-preview&$skiptoken=asdreg"
+      }
+    }
+  }
+}
diff --git a/.../PurviewPolicy.Management/examples/2023-06-01-preview/Operations_List_MinimumSet_Gen.json b/.../PurviewPolicy.Management/examples/2023-06-01-preview/Operations_List_MinimumSet_Gen.json
@@ -0,0 +1,12 @@
+{
+  "title": "Operations_List - generated by [MinimumSet] rule",
+  "operationId": "Operations_List",
+  "parameters": {
+    "api-version": "2023-06-01-preview"
+  },
+  "responses": {
+    "200": {
+      "body": {}
+    }
+  }
+}
diff --git a/...23-06-01-preview/examples/PolicyList.json → .../PurviewPolicies_List_MaximumSet_Gen.json b/...23-06-01-preview/examples/PolicyList.json → .../PurviewPolicies_List_MaximumSet_Gen.json
@@ -1,28 +1,24 @@
 {
+  "title": "API to list the purview RBAC policies based on a scope - generated by [MaximumSet] rule - generated by [MaximumSet] rule",
+  "operationId": "PurviewPolicies_List",
   "parameters": {
-    "scope": "subscriptions/24d273df-8743-42fe-b46b-a84c558e3045/resourceGroups/policystore-df-rg-wus/providers/Microsoft.Storage/storageAccounts/teststorageacc",
-    "skipToken": null,
-    "api-version": "2023-06-01-preview"
+    "api-version": "2023-06-01-preview",
+    "scope": "subscriptions/aaaaaaaa/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/sacc",
+    "skipToken": "zwpwpcjydxkwllf",
+    "$filter": "peu"
   },
   "responses": {
     "200": {
-      "headers": {
-        "Date": "Wed, 09 May 2023 18:04:32 GMT",
-        "x-ms-request-id": "d5496da4-9c52-402f-b067-83cc9ddea888",
-        "X-Content-Type-Options": "nosniff",
-        "x-ms-ratelimit-remaining-tenant-reads": "14999",
-        "x-ms-correlation-request-id": "25c78f97-0b0a-4fe9-ad39-883a482265cd"
-      },
       "body": {
         "value": [
           {
             "name": "f455d3a9-cc50-4094-b6f3-5cdac75a1460",
-            "id": "/subscriptions/24d273df-8743-42fe-b46b-a84c558e3045/resourceGroups/policystore-df-rg-wus/providers/Microsoft.Storage/storageAccounts/teststorageacc/providers/Microsoft.Purview/policies/f455d3a9-cc50-4094-b6f3-5cdac75a1460",
+            "id": "/subscriptions/24d273df-8743-42fe-b46b-a84c558e3045/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/sacc/providers/Microsoft.Purview/policies/f455d3a9-cc50-4094-b6f3-5cdac75a1460",
             "kind": "Policy",
             "source": "Purview.SelfService",
             "etag": "1",
             "scopes": [
-              "subscriptions/24d273df-8743-42fe-b46b-a84c558e3045/resourceGroups/policystore-df-rg-wus/**"
+              "subscriptions/24d273df-8743-42fe-b46b-a84c558e3045/resourceGroups/rg1/**"
             ],
             "decisionRules": [
               {
@@ -54,16 +50,19 @@
               ]
             },
             "expiryTime": "2023-04-28T00:00:00Z",
-            "requestor": null,
+            "requestor": "uusrtcysttmpokyeebaqv",
             "systemData": {
               "createdBy": "5b3a30f8-dee3-4a5e-bf48-feddbdf174b1",
               "createdAt": "2023-05-02T04:58:18.8659554Z",
               "lastModifiedBy": "5b3a30f8-dee3-4a5e-bf48-feddbdf174b1",
-              "lastModifiedAt": "2023-05-02T04:58:52.6114238Z"
-            }
+              "lastModifiedAt": "2023-05-02T04:58:52.6114238Z",
+              "createdByType": "User",
+              "lastModifiedByType": "User"
+            },
+            "type": "nhu"
           }
         ],
-        "nextLink": "testPagingKey"
+        "nextLink": "https://management.azure.com/subscriptions/6b052e15-03d3-4f17-b2e1-be7f07588291/resourceGroups/exampleRG/providers/Microsoft.Compute/virtualMachines/exampleVM/providers/Microsoft.Purview/policies?api-version=2023-06-01-preview&$skiptoken=asdreg"
       }
     }
   }

diff --git a/specification/purviewpolicy/PurviewPolicy.Management/main.tsp b/specification/purviewpolicy/PurviewPolicy.Management/main.tsp
@@ -0,0 +1,32 @@
+import "@typespec/rest";
+import "@typespec/versioning";
+import "@azure-tools/typespec-azure-core";
+import "@azure-tools/typespec-azure-resource-manager";
+import "./policy.tsp";
+import "./backcompat.tsp";
+
+using TypeSpec.Rest;
+using TypeSpec.Http;
+using Azure.ResourceManager.Foundations;
+using Azure.Core;
+using Azure.ResourceManager;
+using TypeSpec.Versioning;
+
+/** Creates a Microsoft.Purview management client. */
+@armProviderNamespace
+@service({
+  title: "PurviewPolicyClient",
+})
+@versioned(Versions)
+@armCommonTypesVersion(Azure.ResourceManager.CommonTypes.Versions.v5)
+namespace Microsoft.Purview;
+
+/** The available API versions. */
+enum Versions {
+  /** 2023-06-01-preview version */
+  @useDependency(Azure.ResourceManager.Versions.v1_0_Preview_1)
+  @useDependency(Azure.Core.Versions.v1_0_Preview_1)
+  v2023_06_01_preview: "2023-06-01-preview",
+}
+
+interface Operations extends Azure.ResourceManager.Operations {}
diff --git a/specification/purviewpolicy/PurviewPolicy.Management/policy.tsp b/specification/purviewpolicy/PurviewPolicy.Management/policy.tsp
@@ -0,0 +1,142 @@
+import "@typespec/rest";
+import "@typespec/http";
+import "@typespec/openapi";
+import "@azure-tools/typespec-azure-core";
+import "@azure-tools/typespec-azure-resource-manager";
+
+using Rest;
+using Http;
+using OpenAPI;
+using Azure.ResourceManager;
+
+namespace Microsoft.Purview;
+
+@armResourceOperations
+interface PurviewPolicies {
+  /** The API lists the Azure purview RBAC policies affecting the scope. The scope can be any valid ARM resource id */
+  @summary("API to list the purview RBAC policies based on a scope")
+  @tag("PolicyListing")
+  list is ArmResourceListByParent<
+    Policy,
+    {
+      ...Foundations.BaseParameters<Policy>;
+      ...SkipTokenParameter;
+
+      /** Supported filters : $filter=policyType eq SelfService, $filter=policyType eq SqlDevops. Returns only the policies of the specified type. If not specified, all policies are returned. */
+      @extension("x-ms-skip-url-encoding", true)
+      @query("$filter")
+      filter?: string;
+    }
+  >;
+}
+
+/** The skipToken parameter definition. */
+model SkipTokenParameter {
+  /** Paging key to paginate to next page. */
+  @extension("x-ms-parameter-location", "method")
+  @query
+  skipToken?: string;
+}
+
+/** The objectType of the member. */
+enum ObjectType {
+  /** AAD User object type. */
+  User,
+
+  /** AAD Group object type. */
+  Group,
+
+  /** Service Principal object type. */
+  ServicePrincipal,
+}
+
+/** The effect for rule */
+enum Decision {
+  /** Access permitted */
+  Permit,
+
+  /** Access denied */
+  Deny,
+}
+
+/** A paginated list of purview RBAC policies */
+model PolicyList is Azure.Core.Page<Policy>;
+
+/** Purview RBAC policy */
+#suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "Special ARM resource with no property bag"
+@extensionResource
+@segment("policies")
+model Policy extends Azure.ResourceManager.Foundations.ProxyResourceBase {
+  /** The policy kind */
+  kind?: string;
+
+  /** The policy source */
+  source: string;
+
+  /** The etag version of a policy */
+  etag: string;
+
+  /** Array of scopes where the policy is published */
+  scopes: string[];
+
+  /** Members of the policy */
+  members: PolicyMembers;
+
+  /** Array of decision rules for the policy */
+  decisionRules: PolicyDecisionRule[];
+
+  /** The timestamp of the expiry time of the policy (UTC). */
+  // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario.
+  expiryTime?: utcDateTime;
+
+  /** The AAD member who requested the policy */
+  requestor?: string;
+}
+
+/** Policy member */
+model PolicyMembers {
+  /** Array of azure active directory members */
+  fabricItemMembers?: FabricItemMember[];
+
+  /** Array of azure active directory members */
+  aadMembers?: AadMember[];
+}
+
+/** Microsoft fabric item member */
+model FabricItemMember {
+  /** Source path of the member */
+  sourcePath?: string;
+
+  /** Array of access items for the member */
+  itemAccess?: string[];
+}
+
+/** Azure active directory member */
+model AadMember {
+  /** The tenantId of the member */
+  tenantId?: string;
+
+  /** The objectId of the member */
+  objectId?: string;
+
+  /** The objectType of the member. */
+  objectType?: ObjectType;
+}
+
+/** Purview RBAC policy decision rule */
+model PolicyDecisionRule {
+  /** The effect for rule */
+  effect: Decision;
+
+  /** Array of attribute predicates */
+  permission?: AttributePredicate[];
+}
+
+/** Attribute predicate for a policy permission */
+model AttributePredicate {
+  /** AttributeName of a policy permission */
+  attributeName?: string;
+
+  /** values for a policy permission */
+  attributeValueIncludedIn?: string[];
+}
diff --git a/specification/purviewpolicy/PurviewPolicy.Management/tspconfig.yaml b/specification/purviewpolicy/PurviewPolicy.Management/tspconfig.yaml
@@ -0,0 +1,12 @@
+emit:
+  - "@azure-tools/typespec-autorest"
+options:
+  "@azure-tools/typespec-autorest":
+    emitter-output-dir: "{project-root}/.."
+    azure-resource-provider-folder: "resource-manager"
+    output-file: "{azure-resource-provider-folder}/{service-name}/{version-status}/{version}/policy.json"
+    examples-directory: "{project-root}/examples"
+    omit-unreachable-types: true
+linter:
+  extends:
+    - "@azure-tools/typespec-azure-resource-manager/all"
diff --git a/...source-manager/Microsoft.Purview/preview/2023-06-01-preview/examples/Operations_List.json b/...source-manager/Microsoft.Purview/preview/2023-06-01-preview/examples/Operations_List.json
diff --git a/...Microsoft.Purview/preview/2023-06-01-preview/examples/Operations_List_MaximumSet_Gen.json b/...Microsoft.Purview/preview/2023-06-01-preview/examples/Operations_List_MaximumSet_Gen.json
@@ -0,0 +1,28 @@
+{
+  "title": "Operations_List - generated by [MaximumSet] rule - generated by [MaximumSet] rule",
+  "operationId": "Operations_List",
+  "parameters": {
+    "api-version": "2023-06-01-preview"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "name": "Microsoft.Purview/operations/read",
+            "display": {
+              "provider": "Microsoft Purview",
+              "resource": "Operations",
+              "operation": "Read all operations",
+              "description": "ybbxwadhxjnogglp"
+            },
+            "isDataAction": true,
+            "origin": "user",
+            "actionType": "Internal"
+          }
+        ],
+        "nextLink": "https://management.azure.com/providers/Microsoft.Purview/operations?api-version=2023-06-01-preview&$skiptoken=asdreg"
+      }
+    }
+  }
+}
diff --git a/...Microsoft.Purview/preview/2023-06-01-preview/examples/Operations_List_MinimumSet_Gen.json b/...Microsoft.Purview/preview/2023-06-01-preview/examples/Operations_List_MinimumSet_Gen.json
@@ -0,0 +1,12 @@
+{
+  "title": "Operations_List - generated by [MinimumSet] rule",
+  "operationId": "Operations_List",
+  "parameters": {
+    "api-version": "2023-06-01-preview"
+  },
+  "responses": {
+    "200": {
+      "body": {}
+    }
+  }
+}