From 9ffeb842cad476b8868a41d3473290a3d79998cf Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Wed, 28 Apr 2021 08:31:47 +0000 Subject: [PATCH] CodeGen from PR 14092 in Azure/azure-rest-api-specs Pick up previous Swagger Fix in 2019-09-01 version (#14092) * Add missing swagger fix * Fix bad copy-paste * update the some capitalized words in the description --- schemas/2015-06-01/Microsoft.KeyVault.json | 357 ---- schemas/2016-10-01/Microsoft.KeyVault.json | 735 ------- .../Microsoft.KeyVault.json | 838 -------- schemas/2018-02-14/Microsoft.KeyVault.json | 1002 ---------- schemas/2019-09-01/Microsoft.KeyVault.json | 1315 ------------- .../Microsoft.KeyVault.json | 1262 ------------ .../Microsoft.KeyVault.json | 1707 ----------------- schemas/common/autogeneratedResources.json | 81 - 8 files changed, 7297 deletions(-) delete mode 100644 schemas/2015-06-01/Microsoft.KeyVault.json delete mode 100644 schemas/2016-10-01/Microsoft.KeyVault.json delete mode 100644 schemas/2018-02-14-preview/Microsoft.KeyVault.json delete mode 100644 schemas/2018-02-14/Microsoft.KeyVault.json delete mode 100644 schemas/2019-09-01/Microsoft.KeyVault.json delete mode 100644 schemas/2020-04-01-preview/Microsoft.KeyVault.json delete mode 100644 schemas/2021-04-01-preview/Microsoft.KeyVault.json diff --git a/schemas/2015-06-01/Microsoft.KeyVault.json b/schemas/2015-06-01/Microsoft.KeyVault.json deleted file mode 100644 index db05f2fcfc..0000000000 --- a/schemas/2015-06-01/Microsoft.KeyVault.json +++ /dev/null @@ -1,357 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2015-06-01/Microsoft.KeyVault.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.KeyVault", - "description": "Microsoft KeyVault Resource Types", - "resourceDefinitions": { - "vaults": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2015-06-01" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the key vault should be created." - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,24}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the vault" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key vault. " - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults" - ] - } - }, - "required": [ - "apiVersion", - "location", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults" - } - }, - "definitions": { - "AccessPolicyEntry": { - "type": "object", - "properties": { - "applicationId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": " Application ID of the client making request on behalf of a principal" - }, - "objectId": { - "type": "string", - "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." - }, - "permissions": { - "oneOf": [ - { - "$ref": "#/definitions/Permissions" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions the identity has for keys, secrets and certificates." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - } - }, - "required": [ - "objectId", - "permissions", - "tenantId" - ], - "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "Permissions": { - "type": "object", - "properties": { - "certificates": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "all", - "get", - "list", - "delete", - "create", - "import", - "update", - "managecontacts", - "getissuers", - "listissuers", - "setissuers", - "deleteissuers", - "manageissuers", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to certificates" - }, - "keys": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "all", - "encrypt", - "decrypt", - "wrapKey", - "unwrapKey", - "sign", - "verify", - "get", - "list", - "create", - "update", - "import", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to keys" - }, - "secrets": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "all", - "get", - "list", - "set", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to secrets" - } - }, - "description": "Permissions the identity has for keys, secrets and certificates." - }, - "Sku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "A" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU family name" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "standard", - "premium" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "VaultProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "enabledForDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "enabledForDiskEncryption": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "enabledForTemplateDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/Sku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - }, - "vaultUri": { - "type": "string", - "description": "The URI of the vault for performing operations on keys and secrets." - } - }, - "required": [ - "accessPolicies", - "sku", - "tenantId" - ], - "description": "Properties of the vault" - } - } -} \ No newline at end of file diff --git a/schemas/2016-10-01/Microsoft.KeyVault.json b/schemas/2016-10-01/Microsoft.KeyVault.json deleted file mode 100644 index f460ece338..0000000000 --- a/schemas/2016-10-01/Microsoft.KeyVault.json +++ /dev/null @@ -1,735 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2016-10-01/Microsoft.KeyVault.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.KeyVault", - "description": "Microsoft KeyVault Resource Types", - "resourceDefinitions": { - "vaults": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2016-10-01" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the key vault should be created." - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,24}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the vault" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault" - }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/vaults_accessPolicies_childResource" - }, - { - "$ref": "#/definitions/vaults_secrets_childResource" - } - ] - } - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key vault." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults" - ] - } - }, - "required": [ - "apiVersion", - "location", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults" - }, - "vaults_accessPolicies": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2016-10-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_secrets": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2016-10-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - } - }, - "definitions": { - "AccessPolicyEntry": { - "type": "object", - "properties": { - "applicationId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": " Application ID of the client making request on behalf of a principal" - }, - "objectId": { - "type": "string", - "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." - }, - "permissions": { - "oneOf": [ - { - "$ref": "#/definitions/Permissions" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - } - }, - "required": [ - "objectId", - "permissions", - "tenantId" - ], - "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "Permissions": { - "type": "object", - "properties": { - "certificates": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "create", - "import", - "update", - "managecontacts", - "getissuers", - "listissuers", - "setissuers", - "deleteissuers", - "manageissuers", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to certificates" - }, - "keys": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "encrypt", - "decrypt", - "wrapKey", - "unwrapKey", - "sign", - "verify", - "get", - "list", - "create", - "update", - "import", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to keys" - }, - "secrets": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "set", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to secrets" - }, - "storage": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "set", - "update", - "regeneratekey", - "recover", - "purge", - "backup", - "restore", - "setsas", - "listsas", - "getsas", - "deletesas" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to storage accounts" - } - }, - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "SecretAttributes": { - "type": "object", - "properties": { - "enabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Determines whether the object is enabled." - }, - "exp": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." - }, - "nbf": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Not before date in seconds since 1970-01-01T00:00:00Z." - } - }, - "description": "The secret management attributes." - }, - "SecretProperties": { - "type": "object", - "properties": { - "attributes": { - "oneOf": [ - { - "$ref": "#/definitions/SecretAttributes" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The secret management attributes." - }, - "contentType": { - "type": "string", - "description": "The content type of the secret." - }, - "value": { - "type": "string", - "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." - } - }, - "description": "Properties of the secret" - }, - "Sku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "A" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU family name" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "standard", - "premium" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "VaultAccessPolicyProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - } - }, - "required": [ - "accessPolicies" - ], - "description": "Properties of the vault access policy" - }, - "VaultProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required." - }, - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The vault's create mode to indicate whether the vault need to be recovered or not." - }, - "enabledForDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "enabledForDiskEncryption": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "enabledForTemplateDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether recoverable deletion is enabled for this key vault. Setting this property to true activates the soft delete feature, whereby vaults or vault entities can be recovered after deletion. Enabling this functionality is irreversible - that is, the property does not accept false as its value." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/Sku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - }, - "vaultUri": { - "type": "string", - "description": "The URI of the vault for performing operations on keys and secrets." - } - }, - "required": [ - "sku", - "tenantId" - ], - "description": "Properties of the vault" - }, - "vaults_accessPolicies_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2016-10-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_secrets_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2016-10-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - } - } -} \ No newline at end of file diff --git a/schemas/2018-02-14-preview/Microsoft.KeyVault.json b/schemas/2018-02-14-preview/Microsoft.KeyVault.json deleted file mode 100644 index 6e28efd418..0000000000 --- a/schemas/2018-02-14-preview/Microsoft.KeyVault.json +++ /dev/null @@ -1,838 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2018-02-14-preview/Microsoft.KeyVault.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.KeyVault", - "description": "Microsoft KeyVault Resource Types", - "resourceDefinitions": { - "vaults": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14-preview" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the key vault should be created." - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,24}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the vault" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault" - }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/vaults_accessPolicies_childResource" - }, - { - "$ref": "#/definitions/vaults_secrets_childResource" - } - ] - } - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key vault." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults" - ] - } - }, - "required": [ - "apiVersion", - "location", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults" - }, - "vaults_accessPolicies": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_secrets": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - } - }, - "definitions": { - "AccessPolicyEntry": { - "type": "object", - "properties": { - "applicationId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": " Application ID of the client making request on behalf of a principal" - }, - "objectId": { - "type": "string", - "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." - }, - "permissions": { - "oneOf": [ - { - "$ref": "#/definitions/Permissions" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - } - }, - "required": [ - "objectId", - "permissions", - "tenantId" - ], - "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "IPRule": { - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." - } - }, - "required": [ - "value" - ], - "description": "A rule governing the accessibility of a vault from a specific ip address or ip range." - }, - "NetworkRuleSet": { - "type": "object", - "properties": { - "bypass": { - "oneOf": [ - { - "type": "string", - "enum": [ - "AzureServices", - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." - }, - "defaultAction": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Allow", - "Deny" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." - }, - "ipRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/IPRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of IP address rules." - }, - "virtualNetworkRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/VirtualNetworkRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of virtual network rules." - } - }, - "description": "A set of rules governing the network accessibility of a vault." - }, - "Permissions": { - "type": "object", - "properties": { - "certificates": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "create", - "import", - "update", - "managecontacts", - "getissuers", - "listissuers", - "setissuers", - "deleteissuers", - "manageissuers", - "recover", - "purge", - "backup", - "restore" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to certificates" - }, - "keys": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "encrypt", - "decrypt", - "wrapKey", - "unwrapKey", - "sign", - "verify", - "get", - "list", - "create", - "update", - "import", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to keys" - }, - "secrets": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "set", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to secrets" - }, - "storage": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "set", - "update", - "regeneratekey", - "recover", - "purge", - "backup", - "restore", - "setsas", - "listsas", - "getsas", - "deletesas" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to storage accounts" - } - }, - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "SecretAttributes": { - "type": "object", - "properties": { - "enabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Determines whether the object is enabled." - }, - "exp": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." - }, - "nbf": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Not before date in seconds since 1970-01-01T00:00:00Z." - } - }, - "description": "The secret management attributes." - }, - "SecretProperties": { - "type": "object", - "properties": { - "attributes": { - "oneOf": [ - { - "$ref": "#/definitions/SecretAttributes" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The secret management attributes." - }, - "contentType": { - "type": "string", - "description": "The content type of the secret." - }, - "value": { - "type": "string", - "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." - } - }, - "description": "Properties of the secret" - }, - "Sku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "A" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU family name" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "standard", - "premium" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "VaultAccessPolicyProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - } - }, - "required": [ - "accessPolicies" - ], - "description": "Properties of the vault access policy" - }, - "VaultProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The vault's create mode to indicate whether the vault need to be recovered or not." - }, - "enabledForDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "enabledForDiskEncryption": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "enabledForTemplateDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault. It does not accept false value." - }, - "networkAcls": { - "oneOf": [ - { - "$ref": "#/definitions/NetworkRuleSet" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A set of rules governing the network accessibility of a vault." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/Sku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - }, - "vaultUri": { - "type": "string", - "description": "The URI of the vault for performing operations on keys and secrets." - } - }, - "required": [ - "sku", - "tenantId" - ], - "description": "Properties of the vault" - }, - "vaults_accessPolicies_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_secrets_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - }, - "VirtualNetworkRule": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." - } - }, - "required": [ - "id" - ], - "description": "A rule governing the accessibility of a vault from a specific virtual network." - } - } -} \ No newline at end of file diff --git a/schemas/2018-02-14/Microsoft.KeyVault.json b/schemas/2018-02-14/Microsoft.KeyVault.json deleted file mode 100644 index 39840a18f9..0000000000 --- a/schemas/2018-02-14/Microsoft.KeyVault.json +++ /dev/null @@ -1,1002 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2018-02-14/Microsoft.KeyVault.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.KeyVault", - "description": "Microsoft KeyVault Resource Types", - "resourceDefinitions": { - "vaults": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the key vault should be created." - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,24}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the vault" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault" - }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/vaults_accessPolicies_childResource" - }, - { - "$ref": "#/definitions/vaults_privateEndpointConnections_childResource" - }, - { - "$ref": "#/definitions/vaults_secrets_childResource" - } - ] - } - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key vault." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults" - ] - } - }, - "required": [ - "apiVersion", - "location", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults" - }, - "vaults_accessPolicies": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_privateEndpointConnections": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14" - ] - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - } - }, - "definitions": { - "AccessPolicyEntry": { - "type": "object", - "properties": { - "applicationId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": " Application ID of the client making request on behalf of a principal" - }, - "objectId": { - "type": "string", - "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." - }, - "permissions": { - "oneOf": [ - { - "$ref": "#/definitions/Permissions" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - } - }, - "required": [ - "objectId", - "permissions", - "tenantId" - ], - "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "IPRule": { - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." - } - }, - "required": [ - "value" - ], - "description": "A rule governing the accessibility of a vault from a specific ip address or ip range." - }, - "NetworkRuleSet": { - "type": "object", - "properties": { - "bypass": { - "oneOf": [ - { - "type": "string", - "enum": [ - "AzureServices", - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." - }, - "defaultAction": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Allow", - "Deny" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." - }, - "ipRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/IPRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of IP address rules." - }, - "virtualNetworkRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/VirtualNetworkRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of virtual network rules." - } - }, - "description": "A set of rules governing the network accessibility of a vault." - }, - "Permissions": { - "type": "object", - "properties": { - "certificates": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "create", - "import", - "update", - "managecontacts", - "getissuers", - "listissuers", - "setissuers", - "deleteissuers", - "manageissuers", - "recover", - "purge", - "backup", - "restore" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to certificates" - }, - "keys": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "encrypt", - "decrypt", - "wrapKey", - "unwrapKey", - "sign", - "verify", - "get", - "list", - "create", - "update", - "import", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to keys" - }, - "secrets": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "set", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to secrets" - }, - "storage": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "set", - "update", - "regeneratekey", - "recover", - "purge", - "backup", - "restore", - "setsas", - "listsas", - "getsas", - "deletesas" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to storage accounts" - } - }, - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "PrivateEndpoint": { - "type": "object", - "properties": {}, - "description": "Private endpoint object properties." - }, - "PrivateEndpointConnectionProperties": { - "type": "object", - "properties": { - "privateEndpoint": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpoint" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Private endpoint object properties." - }, - "privateLinkServiceConnectionState": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateLinkServiceConnectionState" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An object that represents the approval state of the private link connection." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "Creating", - "Updating", - "Deleting", - "Failed", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the private endpoint connection." - } - }, - "description": "Properties of the private endpoint connection resource." - }, - "PrivateLinkServiceConnectionState": { - "type": "object", - "properties": { - "actionRequired": { - "type": "string", - "description": "A message indicating if changes on the service provider require any updates on the consumer." - }, - "description": { - "type": "string", - "description": "The reason for approval or rejection." - }, - "status": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Pending", - "Approved", - "Rejected", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." - } - }, - "description": "An object that represents the approval state of the private link connection." - }, - "SecretAttributes": { - "type": "object", - "properties": { - "enabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Determines whether the object is enabled." - }, - "exp": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." - }, - "nbf": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Not before date in seconds since 1970-01-01T00:00:00Z." - } - }, - "description": "The secret management attributes." - }, - "SecretProperties": { - "type": "object", - "properties": { - "attributes": { - "oneOf": [ - { - "$ref": "#/definitions/SecretAttributes" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The secret management attributes." - }, - "contentType": { - "type": "string", - "description": "The content type of the secret." - }, - "value": { - "type": "string", - "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." - } - }, - "description": "Properties of the secret" - }, - "Sku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "A" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU family name" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "standard", - "premium" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "VaultAccessPolicyProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - } - }, - "required": [ - "accessPolicies" - ], - "description": "Properties of the vault access policy" - }, - "VaultProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required." - }, - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The vault's create mode to indicate whether the vault need to be recovered or not." - }, - "enabledForDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "enabledForDiskEncryption": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "enabledForTemplateDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault. It does not accept false value." - }, - "networkAcls": { - "oneOf": [ - { - "$ref": "#/definitions/NetworkRuleSet" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A set of rules governing the network accessibility of a vault." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/Sku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - }, - "vaultUri": { - "type": "string", - "description": "The URI of the vault for performing operations on keys and secrets." - } - }, - "required": [ - "sku", - "tenantId" - ], - "description": "Properties of the vault" - }, - "vaults_accessPolicies_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_privateEndpointConnections_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14" - ] - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2018-02-14" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - }, - "VirtualNetworkRule": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." - } - }, - "required": [ - "id" - ], - "description": "A rule governing the accessibility of a vault from a specific virtual network." - } - } -} \ No newline at end of file diff --git a/schemas/2019-09-01/Microsoft.KeyVault.json b/schemas/2019-09-01/Microsoft.KeyVault.json deleted file mode 100644 index 2f9196ffd3..0000000000 --- a/schemas/2019-09-01/Microsoft.KeyVault.json +++ /dev/null @@ -1,1315 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2019-09-01/Microsoft.KeyVault.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.KeyVault", - "description": "Microsoft KeyVault Resource Types", - "resourceDefinitions": { - "vaults": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the key vault should be created." - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,24}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the vault" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault" - }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/vaults_accessPolicies_childResource" - }, - { - "$ref": "#/definitions/vaults_privateEndpointConnections_childResource" - }, - { - "$ref": "#/definitions/vaults_keys_childResource" - }, - { - "$ref": "#/definitions/vaults_secrets_childResource" - } - ] - } - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key vault." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults" - ] - } - }, - "required": [ - "apiVersion", - "location", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults" - }, - "vaults_accessPolicies": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_keys": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The name of the key to be created." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/KeyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The properties of the key." - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/keys" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/keys" - }, - "vaults_privateEndpointConnections": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - } - }, - "definitions": { - "AccessPolicyEntry": { - "type": "object", - "properties": { - "applicationId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": " Application ID of the client making request on behalf of a principal" - }, - "objectId": { - "type": "string", - "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." - }, - "permissions": { - "oneOf": [ - { - "$ref": "#/definitions/Permissions" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - } - }, - "required": [ - "objectId", - "permissions", - "tenantId" - ], - "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "IPRule": { - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." - } - }, - "required": [ - "value" - ], - "description": "A rule governing the accessibility of a vault from a specific ip address or ip range." - }, - "KeyAttributes": { - "type": "object", - "properties": { - "enabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Determines whether or not the object is enabled." - }, - "exp": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." - }, - "nbf": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Not before date in seconds since 1970-01-01T00:00:00Z." - } - }, - "description": "The attributes of the key." - }, - "KeyProperties": { - "type": "object", - "properties": { - "attributes": { - "oneOf": [ - { - "$ref": "#/definitions/KeyAttributes" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The attributes of the key." - }, - "curveName": { - "oneOf": [ - { - "type": "string", - "enum": [ - "P-256", - "P-384", - "P-521", - "P-256K" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The elliptic curve name. For valid values, see JsonWebKeyCurveName." - }, - "keyOps": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "encrypt", - "decrypt", - "sign", - "verify", - "wrapKey", - "unwrapKey", - "import" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ] - }, - "keySize": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The key size in bits. For example: 2048, 3072, or 4096 for RSA." - }, - "kty": { - "oneOf": [ - { - "type": "string", - "enum": [ - "EC", - "EC-HSM", - "RSA", - "RSA-HSM" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The type of the key. For valid values, see JsonWebKeyType." - } - }, - "description": "The properties of the key." - }, - "NetworkRuleSet": { - "type": "object", - "properties": { - "bypass": { - "oneOf": [ - { - "type": "string", - "enum": [ - "AzureServices", - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." - }, - "defaultAction": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Allow", - "Deny" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." - }, - "ipRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/IPRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of IP address rules." - }, - "virtualNetworkRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/VirtualNetworkRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of virtual network rules." - } - }, - "description": "A set of rules governing the network accessibility of a vault." - }, - "Permissions": { - "type": "object", - "properties": { - "certificates": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "all", - "get", - "list", - "delete", - "create", - "import", - "update", - "managecontacts", - "getissuers", - "listissuers", - "setissuers", - "deleteissuers", - "manageissuers", - "recover", - "purge", - "backup", - "restore" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to certificates" - }, - "keys": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "all", - "encrypt", - "decrypt", - "wrapKey", - "unwrapKey", - "sign", - "verify", - "get", - "list", - "create", - "update", - "import", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to keys" - }, - "secrets": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "all", - "get", - "list", - "set", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to secrets" - }, - "storage": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "all", - "get", - "list", - "delete", - "set", - "update", - "regeneratekey", - "recover", - "purge", - "backup", - "restore", - "setsas", - "listsas", - "getsas", - "deletesas" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to storage accounts" - } - }, - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "PrivateEndpoint": { - "type": "object", - "properties": {}, - "description": "Private endpoint object properties." - }, - "PrivateEndpointConnectionProperties": { - "type": "object", - "properties": { - "privateEndpoint": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpoint" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Private endpoint object properties." - }, - "privateLinkServiceConnectionState": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateLinkServiceConnectionState" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An object that represents the approval state of the private link connection." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "Creating", - "Updating", - "Deleting", - "Failed", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the private endpoint connection." - } - }, - "description": "Properties of the private endpoint connection resource." - }, - "PrivateLinkServiceConnectionState": { - "type": "object", - "properties": { - "actionsRequired": { - "type": "string", - "description": "A message indicating if changes on the service provider require any updates on the consumer." - }, - "description": { - "type": "string", - "description": "The reason for approval or rejection." - }, - "status": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Pending", - "Approved", - "Rejected", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." - } - }, - "description": "An object that represents the approval state of the private link connection." - }, - "SecretAttributes": { - "type": "object", - "properties": { - "enabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Determines whether the object is enabled." - }, - "exp": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." - }, - "nbf": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Not before date in seconds since 1970-01-01T00:00:00Z." - } - }, - "description": "The secret management attributes." - }, - "SecretProperties": { - "type": "object", - "properties": { - "attributes": { - "oneOf": [ - { - "$ref": "#/definitions/SecretAttributes" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The secret management attributes." - }, - "contentType": { - "type": "string", - "description": "The content type of the secret." - }, - "value": { - "type": "string", - "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." - } - }, - "description": "Properties of the secret" - }, - "Sku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "A" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU family name" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "standard", - "premium" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "VaultAccessPolicyProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - } - }, - "required": [ - "accessPolicies" - ], - "description": "Properties of the vault access policy" - }, - "VaultProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required." - }, - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The vault's create mode to indicate whether the vault need to be recovered or not." - }, - "enabledForDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "enabledForDiskEncryption": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "enabledForTemplateDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." - }, - "enableRbacAuthorization": { - "oneOf": [ - { - "type": "boolean", - "default": false - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean", - "default": true - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false." - }, - "networkAcls": { - "oneOf": [ - { - "$ref": "#/definitions/NetworkRuleSet" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A set of rules governing the network accessibility of a vault." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "RegisteringDns" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the vault." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/Sku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "softDeleteRetentionInDays": { - "oneOf": [ - { - "type": "integer", - "default": "90" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "softDelete data retention days. It accepts >=7 and <=90." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - }, - "vaultUri": { - "type": "string", - "description": "The URI of the vault for performing operations on keys and secrets. This property is readonly" - } - }, - "required": [ - "sku", - "tenantId" - ], - "description": "Properties of the vault" - }, - "vaults_accessPolicies_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_keys_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The name of the key to be created." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/KeyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The properties of the key." - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key." - }, - "type": { - "type": "string", - "enum": [ - "keys" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/keys" - }, - "vaults_privateEndpointConnections_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2019-09-01" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - }, - "VirtualNetworkRule": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." - }, - "ignoreMissingVnetServiceEndpoint": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured." - } - }, - "required": [ - "id" - ], - "description": "A rule governing the accessibility of a vault from a specific virtual network." - } - } -} \ No newline at end of file diff --git a/schemas/2020-04-01-preview/Microsoft.KeyVault.json b/schemas/2020-04-01-preview/Microsoft.KeyVault.json deleted file mode 100644 index 6f7ba25cc2..0000000000 --- a/schemas/2020-04-01-preview/Microsoft.KeyVault.json +++ /dev/null @@ -1,1262 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.KeyVault.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.KeyVault", - "description": "Microsoft KeyVault Resource Types", - "resourceDefinitions": { - "managedHSMs": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the managed HSM Pool should be created." - }, - "name": { - "type": "string", - "description": "Name of the managed HSM Pool" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/ManagedHsmProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the managed HSM Pool" - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/ManagedHsmSku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Resource tags" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/managedHSMs" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/managedHSMs" - }, - "vaults": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the key vault should be created." - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,24}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the vault" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault" - }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/vaults_accessPolicies_childResource" - }, - { - "$ref": "#/definitions/vaults_privateEndpointConnections_childResource" - }, - { - "$ref": "#/definitions/vaults_secrets_childResource" - } - ] - } - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key vault." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults" - ] - } - }, - "required": [ - "apiVersion", - "location", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults" - }, - "vaults_accessPolicies": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_privateEndpointConnections": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - } - }, - "definitions": { - "AccessPolicyEntry": { - "type": "object", - "properties": { - "applicationId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": " Application ID of the client making request on behalf of a principal" - }, - "objectId": { - "type": "string", - "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." - }, - "permissions": { - "oneOf": [ - { - "$ref": "#/definitions/Permissions" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - } - }, - "required": [ - "objectId", - "permissions", - "tenantId" - ], - "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "IPRule": { - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." - } - }, - "required": [ - "value" - ], - "description": "A rule governing the accessibility of a vault from a specific ip address or ip range." - }, - "ManagedHsmProperties": { - "type": "object", - "properties": { - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The create mode to indicate whether the resource is being created or is being recovered from a deleted resource." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean", - "default": true - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean", - "default": true - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. If it's not set to any value(true or false) when creating new managed HSM pool, it will be set to true by default. Once set to true, it cannot be reverted to false." - }, - "initialAdminObjectIds": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Array of initial administrators object ids for this managed hsm pool." - }, - "softDeleteRetentionInDays": { - "oneOf": [ - { - "type": "integer", - "default": "90" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "softDelete data retention days. It accepts >=7 and <=90." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool." - } - }, - "description": "Properties of the managed HSM Pool" - }, - "ManagedHsmSku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "B" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU Family of the managed HSM Pool" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Standard_B1", - "Custom_B32" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU of the managed HSM Pool." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "NetworkRuleSet": { - "type": "object", - "properties": { - "bypass": { - "oneOf": [ - { - "type": "string", - "enum": [ - "AzureServices", - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." - }, - "defaultAction": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Allow", - "Deny" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." - }, - "ipRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/IPRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of IP address rules." - }, - "virtualNetworkRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/VirtualNetworkRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of virtual network rules." - } - }, - "description": "A set of rules governing the network accessibility of a vault." - }, - "Permissions": { - "type": "object", - "properties": { - "certificates": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "create", - "import", - "update", - "managecontacts", - "getissuers", - "listissuers", - "setissuers", - "deleteissuers", - "manageissuers", - "recover", - "purge", - "backup", - "restore" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to certificates" - }, - "keys": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "encrypt", - "decrypt", - "wrapKey", - "unwrapKey", - "sign", - "verify", - "get", - "list", - "create", - "update", - "import", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to keys" - }, - "secrets": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "set", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to secrets" - }, - "storage": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "set", - "update", - "regeneratekey", - "recover", - "purge", - "backup", - "restore", - "setsas", - "listsas", - "getsas", - "deletesas" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to storage accounts" - } - }, - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "PrivateEndpoint": { - "type": "object", - "properties": {}, - "description": "Private endpoint object properties." - }, - "PrivateEndpointConnectionProperties": { - "type": "object", - "properties": { - "privateEndpoint": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpoint" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Private endpoint object properties." - }, - "privateLinkServiceConnectionState": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateLinkServiceConnectionState" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An object that represents the approval state of the private link connection." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "Creating", - "Updating", - "Deleting", - "Failed", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the private endpoint connection." - } - }, - "description": "Properties of the private endpoint connection resource." - }, - "PrivateLinkServiceConnectionState": { - "type": "object", - "properties": { - "actionsRequired": { - "oneOf": [ - { - "type": "string", - "enum": [ - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A message indicating if changes on the service provider require any updates on the consumer." - }, - "description": { - "type": "string", - "description": "The reason for approval or rejection." - }, - "status": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Pending", - "Approved", - "Rejected", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." - } - }, - "description": "An object that represents the approval state of the private link connection." - }, - "SecretAttributes": { - "type": "object", - "properties": { - "enabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Determines whether the object is enabled." - }, - "exp": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." - }, - "nbf": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Not before date in seconds since 1970-01-01T00:00:00Z." - } - }, - "description": "The secret management attributes." - }, - "SecretProperties": { - "type": "object", - "properties": { - "attributes": { - "oneOf": [ - { - "$ref": "#/definitions/SecretAttributes" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The secret management attributes." - }, - "contentType": { - "type": "string", - "description": "The content type of the secret." - }, - "value": { - "type": "string", - "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." - } - }, - "description": "Properties of the secret" - }, - "Sku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "A" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU family name" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "standard", - "premium" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "VaultAccessPolicyProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - } - }, - "required": [ - "accessPolicies" - ], - "description": "Properties of the vault access policy" - }, - "VaultProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required." - }, - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The vault's create mode to indicate whether the vault need to be recovered or not." - }, - "enabledForDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "enabledForDiskEncryption": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "enabledForTemplateDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." - }, - "enableRbacAuthorization": { - "oneOf": [ - { - "type": "boolean", - "default": false - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean", - "default": true - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false." - }, - "networkAcls": { - "oneOf": [ - { - "$ref": "#/definitions/NetworkRuleSet" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A set of rules governing the network accessibility of a vault." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "RegisteringDns" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the vault." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/Sku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "softDeleteRetentionInDays": { - "oneOf": [ - { - "type": "integer", - "default": "90" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "softDelete data retention days. It accepts >=7 and <=90." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - }, - "vaultUri": { - "type": "string", - "description": "The URI of the vault for performing operations on keys and secrets." - } - }, - "required": [ - "sku", - "tenantId" - ], - "description": "Properties of the vault" - }, - "vaults_accessPolicies_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_privateEndpointConnections_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2020-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - }, - "VirtualNetworkRule": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." - }, - "ignoreMissingVnetServiceEndpoint": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured." - } - }, - "required": [ - "id" - ], - "description": "A rule governing the accessibility of a vault from a specific virtual network." - } - } -} \ No newline at end of file diff --git a/schemas/2021-04-01-preview/Microsoft.KeyVault.json b/schemas/2021-04-01-preview/Microsoft.KeyVault.json deleted file mode 100644 index 69fbfeaa21..0000000000 --- a/schemas/2021-04-01-preview/Microsoft.KeyVault.json +++ /dev/null @@ -1,1707 +0,0 @@ -{ - "id": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#", - "$schema": "http://json-schema.org/draft-04/schema#", - "title": "Microsoft.KeyVault", - "description": "Microsoft KeyVault Resource Types", - "resourceDefinitions": { - "managedHSMs": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the managed HSM Pool should be created." - }, - "name": { - "type": "string", - "description": "Name of the managed HSM Pool" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/ManagedHsmProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the managed HSM Pool" - }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/managedHSMs_privateEndpointConnections_childResource" - } - ] - } - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/ManagedHsmSku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "systemData": { - "oneOf": [ - { - "$ref": "#/definitions/SystemData" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Metadata pertaining to creation and last modification of the key vault resource." - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Resource tags" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/managedHSMs" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/managedHSMs" - }, - "managedHSMs_privateEndpointConnections": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "location": { - "type": "string", - "description": "The supported Azure location where the managed HSM Pool should be created." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the managed hsm pool." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/MHSMPrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/ManagedHsmSku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "systemData": { - "oneOf": [ - { - "$ref": "#/definitions/SystemData" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Metadata pertaining to creation and last modification of the key vault resource." - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Resource tags" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" - }, - "vaults": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "location": { - "type": "string", - "description": "The supported Azure location where the key vault should be created." - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,24}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the vault" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault" - }, - "resources": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/vaults_accessPolicies_childResource" - }, - { - "$ref": "#/definitions/vaults_privateEndpointConnections_childResource" - }, - { - "$ref": "#/definitions/vaults_secrets_childResource" - } - ] - } - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the key vault." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults" - ] - } - }, - "required": [ - "apiVersion", - "location", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults" - }, - "vaults_accessPolicies": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_privateEndpointConnections": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.KeyVault/vaults/secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - } - }, - "definitions": { - "AccessPolicyEntry": { - "type": "object", - "properties": { - "applicationId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": " Application ID of the client making request on behalf of a principal" - }, - "objectId": { - "type": "string", - "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." - }, - "permissions": { - "oneOf": [ - { - "$ref": "#/definitions/Permissions" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - } - }, - "required": [ - "objectId", - "permissions", - "tenantId" - ], - "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - }, - "IPRule": { - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." - } - }, - "required": [ - "value" - ], - "description": "A rule governing the accessibility of a vault from a specific ip address or ip range." - }, - "ManagedHsmProperties": { - "type": "object", - "properties": { - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The create mode to indicate whether the resource is being created or is being recovered from a deleted resource." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean", - "default": true - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean", - "default": true - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. If it's not set to any value(true or false) when creating new managed HSM pool, it will be set to true by default. Once set to true, it cannot be reverted to false." - }, - "initialAdminObjectIds": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Array of initial administrators object ids for this managed hsm pool." - }, - "networkAcls": { - "oneOf": [ - { - "$ref": "#/definitions/MHSMNetworkRuleSet" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A set of rules governing the network accessibility of a managed hsm pool." - }, - "publicNetworkAccess": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Enabled", - "Disabled" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Control permission for data plane traffic coming from public networks while private endpoint is enabled." - }, - "softDeleteRetentionInDays": { - "oneOf": [ - { - "type": "integer", - "default": "90" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "softDelete data retention days. It accepts >=7 and <=90." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool." - } - }, - "description": "Properties of the managed HSM Pool" - }, - "ManagedHsmSku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "B" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU Family of the managed HSM Pool" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Standard_B1", - "Custom_B32" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU of the managed HSM Pool." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "managedHSMs_privateEndpointConnections_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "location": { - "type": "string", - "description": "The supported Azure location where the managed HSM Pool should be created." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the managed hsm pool." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/MHSMPrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/ManagedHsmSku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "systemData": { - "oneOf": [ - { - "$ref": "#/definitions/SystemData" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Metadata pertaining to creation and last modification of the key vault resource." - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Resource tags" - }, - "type": { - "type": "string", - "enum": [ - "privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" - }, - "MHSMIPRule": { - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." - } - }, - "required": [ - "value" - ], - "description": "A rule governing the accessibility of a managed hsm pool from a specific ip address or ip range." - }, - "MHSMNetworkRuleSet": { - "type": "object", - "properties": { - "bypass": { - "oneOf": [ - { - "type": "string", - "enum": [ - "AzureServices", - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." - }, - "defaultAction": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Allow", - "Deny" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." - }, - "ipRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/MHSMIPRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of IP address rules." - }, - "virtualNetworkRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/MHSMVirtualNetworkRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of virtual network rules." - } - }, - "description": "A set of rules governing the network accessibility of a managed hsm pool." - }, - "MHSMPrivateEndpoint": { - "type": "object", - "properties": {}, - "description": "Private endpoint object properties." - }, - "MHSMPrivateEndpointConnectionProperties": { - "type": "object", - "properties": { - "privateEndpoint": { - "oneOf": [ - { - "$ref": "#/definitions/MHSMPrivateEndpoint" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Private endpoint object properties." - }, - "privateLinkServiceConnectionState": { - "oneOf": [ - { - "$ref": "#/definitions/MHSMPrivateLinkServiceConnectionState" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An object that represents the approval state of the private link connection." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "Creating", - "Updating", - "Deleting", - "Failed", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the private endpoint connection." - } - }, - "description": "Properties of the private endpoint connection resource." - }, - "MHSMPrivateLinkServiceConnectionState": { - "type": "object", - "properties": { - "actionsRequired": { - "oneOf": [ - { - "type": "string", - "enum": [ - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A message indicating if changes on the service provider require any updates on the consumer." - }, - "description": { - "type": "string", - "description": "The reason for approval or rejection." - }, - "status": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Pending", - "Approved", - "Rejected", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." - } - }, - "description": "An object that represents the approval state of the private link connection." - }, - "MHSMVirtualNetworkRule": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." - } - }, - "required": [ - "id" - ], - "description": "A rule governing the accessibility of a managed hsm pool from a specific virtual network." - }, - "NetworkRuleSet": { - "type": "object", - "properties": { - "bypass": { - "oneOf": [ - { - "type": "string", - "enum": [ - "AzureServices", - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." - }, - "defaultAction": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Allow", - "Deny" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." - }, - "ipRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/IPRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of IP address rules." - }, - "virtualNetworkRules": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/VirtualNetworkRule" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The list of virtual network rules." - } - }, - "description": "A set of rules governing the network accessibility of a vault." - }, - "Permissions": { - "type": "object", - "properties": { - "certificates": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "create", - "import", - "update", - "managecontacts", - "getissuers", - "listissuers", - "setissuers", - "deleteissuers", - "manageissuers", - "recover", - "purge", - "backup", - "restore" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to certificates" - }, - "keys": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "encrypt", - "decrypt", - "wrapKey", - "unwrapKey", - "sign", - "verify", - "get", - "list", - "create", - "update", - "import", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to keys" - }, - "secrets": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "set", - "delete", - "backup", - "restore", - "recover", - "purge" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to secrets" - }, - "storage": { - "oneOf": [ - { - "type": "array", - "items": { - "type": "string", - "enum": [ - "get", - "list", - "delete", - "set", - "update", - "regeneratekey", - "recover", - "purge", - "backup", - "restore", - "setsas", - "listsas", - "getsas", - "deletesas" - ] - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Permissions to storage accounts" - } - }, - "description": "Permissions the identity has for keys, secrets, certificates and storage." - }, - "PrivateEndpoint": { - "type": "object", - "properties": {}, - "description": "Private endpoint object properties." - }, - "PrivateEndpointConnectionProperties": { - "type": "object", - "properties": { - "privateEndpoint": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpoint" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Private endpoint object properties." - }, - "privateLinkServiceConnectionState": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateLinkServiceConnectionState" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An object that represents the approval state of the private link connection." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "Creating", - "Updating", - "Deleting", - "Failed", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the private endpoint connection." - } - }, - "description": "Properties of the private endpoint connection resource." - }, - "PrivateLinkServiceConnectionState": { - "type": "object", - "properties": { - "actionsRequired": { - "oneOf": [ - { - "type": "string", - "enum": [ - "None" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A message indicating if changes on the service provider require any updates on the consumer." - }, - "description": { - "type": "string", - "description": "The reason for approval or rejection." - }, - "status": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Pending", - "Approved", - "Rejected", - "Disconnected" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." - } - }, - "description": "An object that represents the approval state of the private link connection." - }, - "SecretAttributes": { - "type": "object", - "properties": { - "enabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Determines whether the object is enabled." - }, - "exp": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." - }, - "nbf": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Not before date in seconds since 1970-01-01T00:00:00Z." - } - }, - "description": "The secret management attributes." - }, - "SecretProperties": { - "type": "object", - "properties": { - "attributes": { - "oneOf": [ - { - "$ref": "#/definitions/SecretAttributes" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The secret management attributes." - }, - "contentType": { - "type": "string", - "description": "The content type of the secret." - }, - "value": { - "type": "string", - "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." - } - }, - "description": "Properties of the secret" - }, - "Sku": { - "type": "object", - "properties": { - "family": { - "oneOf": [ - { - "type": "string", - "enum": [ - "A" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU family name" - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "standard", - "premium" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." - } - }, - "required": [ - "family", - "name" - ], - "description": "SKU details" - }, - "SystemData": { - "type": "object", - "properties": { - "createdAt": { - "type": "string", - "format": "date-time", - "description": "The timestamp of the key vault resource creation (UTC)." - }, - "createdBy": { - "type": "string", - "description": "The identity that created the key vault resource." - }, - "createdByType": { - "oneOf": [ - { - "type": "string", - "enum": [ - "User", - "Application", - "ManagedIdentity", - "Key" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The type of identity that created the key vault resource." - }, - "lastModifiedAt": { - "type": "string", - "format": "date-time", - "description": "The timestamp of the key vault resource last modification (UTC)." - }, - "lastModifiedBy": { - "type": "string", - "description": "The identity that last modified the key vault resource." - }, - "lastModifiedByType": { - "oneOf": [ - { - "type": "string", - "enum": [ - "User", - "Application", - "ManagedIdentity", - "Key" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The type of identity that last modified the key vault resource." - } - }, - "description": "Metadata pertaining to creation and last modification of the key vault resource." - }, - "VaultAccessPolicyProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." - } - }, - "required": [ - "accessPolicies" - ], - "description": "Properties of the vault access policy" - }, - "VaultProperties": { - "type": "object", - "properties": { - "accessPolicies": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/AccessPolicyEntry" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required." - }, - "createMode": { - "oneOf": [ - { - "type": "string", - "enum": [ - "recover", - "default" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The vault's create mode to indicate whether the vault need to be recovered or not." - }, - "enabledForDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." - }, - "enabledForDiskEncryption": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." - }, - "enabledForTemplateDeployment": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." - }, - "enablePurgeProtection": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." - }, - "enableRbacAuthorization": { - "oneOf": [ - { - "type": "boolean", - "default": false - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC." - }, - "enableSoftDelete": { - "oneOf": [ - { - "type": "boolean", - "default": true - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false." - }, - "networkAcls": { - "oneOf": [ - { - "$ref": "#/definitions/NetworkRuleSet" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "A set of rules governing the network accessibility of a vault." - }, - "provisioningState": { - "oneOf": [ - { - "type": "string", - "enum": [ - "Succeeded", - "RegisteringDns" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Provisioning state of the vault." - }, - "sku": { - "oneOf": [ - { - "$ref": "#/definitions/Sku" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "SKU details" - }, - "softDeleteRetentionInDays": { - "oneOf": [ - { - "type": "integer", - "default": "90" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "softDelete data retention days. It accepts >=7 and <=90." - }, - "tenantId": { - "oneOf": [ - { - "type": "string", - "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." - }, - "vaultUri": { - "type": "string", - "description": "The URI of the vault for performing operations on keys and secrets." - } - }, - "required": [ - "sku", - "tenantId" - ], - "description": "Properties of the vault" - }, - "vaults_accessPolicies_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "enum": [ - "add", - "replace", - "remove" - ] - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the operation." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/VaultAccessPolicyProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the vault access policy" - }, - "type": { - "type": "string", - "enum": [ - "accessPolicies" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/accessPolicies" - }, - "vaults_privateEndpointConnections_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "etag": { - "type": "string", - "description": "Modified whenever there is a change in the state of private endpoint connection." - }, - "name": { - "type": "string", - "description": "Name of the private endpoint connection associated with the key vault." - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/PrivateEndpointConnectionProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the private endpoint connection resource." - }, - "type": { - "type": "string", - "enum": [ - "privateEndpointConnections" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" - }, - "vaults_secrets_childResource": { - "type": "object", - "properties": { - "apiVersion": { - "type": "string", - "enum": [ - "2021-04-01-preview" - ] - }, - "name": { - "oneOf": [ - { - "type": "string", - "pattern": "^[a-zA-Z0-9-]{1,127}$" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Name of the secret" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/SecretProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Properties of the secret" - }, - "tags": { - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "The tags that will be assigned to the secret. " - }, - "type": { - "type": "string", - "enum": [ - "secrets" - ] - } - }, - "required": [ - "apiVersion", - "name", - "properties", - "type" - ], - "description": "Microsoft.KeyVault/vaults/secrets" - }, - "VirtualNetworkRule": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." - } - }, - "required": [ - "id" - ], - "description": "A rule governing the accessibility of a vault from a specific virtual network." - } - } -} \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index a84d984326..cbefe3be45 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json @@ -5395,87 +5395,6 @@ { "$ref": "https://schema.management.azure.com/schemas/2017-10-01-preview/Microsoft.IoTSpaces.json#/resourceDefinitions/Graph" }, - { - "$ref": "https://schema.management.azure.com/schemas/2015-06-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2016-10-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2016-10-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2016-10-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2018-02-14/Microsoft.KeyVault.json#/resourceDefinitions/vaults" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2018-02-14/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2018-02-14/Microsoft.KeyVault.json#/resourceDefinitions/vaults_privateEndpointConnections" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2018-02-14/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2018-02-14-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2018-02-14-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2018-02-14-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2019-09-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2019-09-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2019-09-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_keys" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2019-09-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_privateEndpointConnections" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2019-09-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_privateEndpointConnections" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs_privateEndpointConnections" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_privateEndpointConnections" - }, - { - "$ref": "https://schema.management.azure.com/schemas/2021-04-01-preview/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" - }, { "$ref": "https://schema.management.azure.com/schemas/2020-01-01-preview/Microsoft.Kubernetes.json#/resourceDefinitions/connectedClusters" },