From c473e56caedcc524f3e6501e636cb091c1bc2a27 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Mon, 31 Oct 2022 17:20:34 +0000 Subject: [PATCH] CodeGen from PR 20839 in Azure/azure-rest-api-specs Merge 9e21bbcee8a7b1bbc35cdba274515114410c68f7 into 5fc05d0f0b15cbf16de942cadce464b495c66a58 --- schemas/2022-11-01/Microsoft.KeyVault.json | 2517 ++++++++++++++++++++ schemas/common/autogeneratedResources.json | 24 + 2 files changed, 2541 insertions(+) create mode 100644 schemas/2022-11-01/Microsoft.KeyVault.json diff --git a/schemas/2022-11-01/Microsoft.KeyVault.json b/schemas/2022-11-01/Microsoft.KeyVault.json new file mode 100644 index 0000000000..fbea8240b1 --- /dev/null +++ b/schemas/2022-11-01/Microsoft.KeyVault.json @@ -0,0 +1,2517 @@ +{ + "id": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.KeyVault", + "description": "Microsoft KeyVault Resource Types", + "resourceDefinitions": { + "managedHSMs": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "location": { + "type": "string", + "description": "The supported Azure location where the managed HSM Pool should be created." + }, + "name": { + "type": "string", + "description": "Name of the managed HSM Pool" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the managed HSM Pool" + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/managedHSMs_privateEndpointConnections_childResource" + }, + { + "$ref": "#/definitions/managedHSMs_keys_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmSku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/managedHSMs" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs" + }, + "managedHSMs_keys": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmKeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the key." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/managedHSMs/keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs/keys" + }, + "managedHSMs_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "location": { + "type": "string", + "description": "The supported Azure location where the managed HSM Pool should be created." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the managed hsm pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmSku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" + }, + "vaults": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "location": { + "type": "string", + "description": "The supported Azure location where the key vault should be created." + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{3,24}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the vault" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VaultProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the vault" + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/vaults_keys_childResource" + }, + { + "$ref": "#/definitions/vaults_accessPolicies_childResource" + }, + { + "$ref": "#/definitions/vaults_privateEndpointConnections_childResource" + }, + { + "$ref": "#/definitions/vaults_secrets_childResource" + } + ] + } + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key vault." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults" + }, + "vaults_accessPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "add", + "replace", + "remove" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the operation." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VaultAccessPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the vault access policy" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/accessPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/accessPolicies" + }, + "vaults_keys": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/KeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the key." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/keys" + }, + "vaults_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the key vault." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" + }, + "vaults_secrets": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecretProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the secret" + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the secret. " + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.KeyVault/vaults/secrets" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/secrets" + } + }, + "definitions": { + "AccessPolicyEntry": { + "type": "object", + "properties": { + "applicationId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": " Application ID of the client making request on behalf of a principal" + }, + "objectId": { + "type": "string", + "description": "The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies." + }, + "permissions": { + "oneOf": [ + { + "$ref": "#/definitions/Permissions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions the identity has for keys, secrets, certificates and storage." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." + } + }, + "required": [ + "objectId", + "permissions", + "tenantId" + ], + "description": "An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." + }, + "Action": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "rotate", + "notify" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of action." + } + } + }, + "IPRule": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." + } + }, + "required": [ + "value" + ], + "description": "A rule governing the accessibility of a vault from a specific ip address or ip range." + }, + "KeyAttributes": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether or not the object is enabled." + }, + "exp": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." + }, + "exportable": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the private key can be exported." + }, + "nbf": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Not before date in seconds since 1970-01-01T00:00:00Z." + } + }, + "description": "The object attributes managed by the Azure Key Vault service." + }, + "KeyProperties": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/KeyAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The object attributes managed by the Azure Key Vault service." + }, + "curveName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "P-256", + "P-384", + "P-521", + "P-256K" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The elliptic curve name. For valid values, see JsonWebKeyCurveName." + }, + "keyOps": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "encrypt", + "decrypt", + "sign", + "verify", + "wrapKey", + "unwrapKey", + "import", + "release" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "keySize": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The key size in bits. For example: 2048, 3072, or 4096 for RSA." + }, + "kty": { + "oneOf": [ + { + "type": "string", + "enum": [ + "EC", + "EC-HSM", + "RSA", + "RSA-HSM" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the key. For valid values, see JsonWebKeyType." + }, + "release_policy": { + "oneOf": [ + { + "$ref": "#/definitions/KeyReleasePolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "rotationPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/RotationPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "The properties of the key." + }, + "KeyReleasePolicy": { + "type": "object", + "properties": { + "contentType": { + "type": "string", + "default": "application/json; charset=utf-8", + "description": "Content type and version of key release policy" + }, + "data": { + "type": "string", + "format": "base64url", + "description": "Blob encoding the policy rules under which the key can be released." + } + } + }, + "KeyRotationPolicyAttributes": { + "type": "object", + "properties": { + "expiryTime": { + "type": "string", + "description": "The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'." + } + } + }, + "LifetimeAction": { + "type": "object", + "properties": { + "action": { + "oneOf": [ + { + "$ref": "#/definitions/Action" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "trigger": { + "oneOf": [ + { + "$ref": "#/definitions/Trigger" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + } + }, + "ManagedHsmAction": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "rotate", + "notify" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of action." + } + } + }, + "ManagedHsmKeyAttributes": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether or not the object is enabled." + }, + "exp": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." + }, + "exportable": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates if the private key can be exported." + }, + "nbf": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Not before date in seconds since 1970-01-01T00:00:00Z." + } + }, + "description": "The object attributes managed by the Azure Key Vault service." + }, + "ManagedHsmKeyProperties": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmKeyAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The object attributes managed by the Azure Key Vault service." + }, + "curveName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "P-256", + "P-384", + "P-521", + "P-256K" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The elliptic curve name. For valid values, see JsonWebKeyCurveName." + }, + "keyOps": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "encrypt", + "decrypt", + "sign", + "verify", + "wrapKey", + "unwrapKey", + "import", + "release" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "keySize": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The key size in bits. For example: 2048, 3072, or 4096 for RSA." + }, + "kty": { + "oneOf": [ + { + "type": "string", + "enum": [ + "EC", + "EC-HSM", + "RSA", + "RSA-HSM" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the key. For valid values, see JsonWebKeyType." + }, + "release_policy": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmKeyReleasePolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "rotationPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmRotationPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "The properties of the key." + }, + "ManagedHsmKeyReleasePolicy": { + "type": "object", + "properties": { + "contentType": { + "type": "string", + "default": "application/json; charset=utf-8", + "description": "Content type and version of key release policy" + }, + "data": { + "type": "string", + "format": "base64url", + "description": "Blob encoding the policy rules under which the key can be released." + } + } + }, + "ManagedHsmKeyRotationPolicyAttributes": { + "type": "object", + "properties": { + "expiryTime": { + "type": "string", + "description": "The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'." + } + } + }, + "ManagedHsmLifetimeAction": { + "type": "object", + "properties": { + "action": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmAction" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "trigger": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmTrigger" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + } + }, + "ManagedHsmProperties": { + "type": "object", + "properties": { + "createMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "recover", + "default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The create mode to indicate whether the resource is being created or is being recovered from a deleted resource." + }, + "enablePurgeProtection": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible." + }, + "enableSoftDelete": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. If it's not set to any value(true or false) when creating new managed HSM pool, it will be set to true by default. Once set to true, it cannot be reverted to false." + }, + "initialAdminObjectIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Array of initial administrators object ids for this managed hsm pool." + }, + "networkAcls": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMNetworkRuleSet" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A set of rules governing the network accessibility of a managed hsm pool." + }, + "publicNetworkAccess": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Control permission for data plane traffic coming from public networks while private endpoint is enabled." + }, + "softDeleteRetentionInDays": { + "oneOf": [ + { + "type": "integer", + "default": "90" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "softDelete data retention days. It accepts >=7 and <=90." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the managed HSM pool." + } + }, + "description": "Properties of the managed HSM Pool" + }, + "ManagedHsmRotationPolicy": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmKeyRotationPolicyAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "lifetimeActions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedHsmLifetimeAction" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The lifetimeActions for key rotation action." + } + } + }, + "ManagedHsmSku": { + "type": "object", + "properties": { + "family": { + "oneOf": [ + { + "type": "string", + "enum": [ + "B" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU Family of the managed HSM Pool" + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Standard_B1", + "Custom_B32" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU of the managed HSM Pool." + } + }, + "required": [ + "family", + "name" + ], + "description": "SKU details" + }, + "managedHSMs_keys_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmKeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the key." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key." + }, + "type": { + "type": "string", + "enum": [ + "keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs/keys" + }, + "managedHSMs_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "location": { + "type": "string", + "description": "The supported Azure location where the managed HSM Pool should be created." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the managed hsm pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedHsmSku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "systemData": { + "oneOf": [ + { + "$ref": "#/definitions/SystemData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags" + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections" + }, + "ManagedHsmTrigger": { + "type": "object", + "properties": { + "timeAfterCreate": { + "type": "string", + "description": "The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'." + }, + "timeBeforeExpiry": { + "type": "string", + "description": "The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'." + } + } + }, + "MHSMIPRule": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78)." + } + }, + "required": [ + "value" + ], + "description": "A rule governing the accessibility of a managed HSM pool from a specific IP address or IP range." + }, + "MHSMNetworkRuleSet": { + "type": "object", + "properties": { + "bypass": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AzureServices", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." + }, + "defaultAction": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Allow", + "Deny" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." + }, + "ipRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/MHSMIPRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of IP address rules." + }, + "virtualNetworkRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/MHSMVirtualNetworkRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of virtual network rules." + } + }, + "description": "A set of rules governing the network accessibility of a managed hsm pool." + }, + "MHSMPrivateEndpoint": { + "type": "object", + "properties": {}, + "description": "Private endpoint object properties." + }, + "MHSMPrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Private endpoint object properties." + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/MHSMPrivateLinkServiceConnectionState" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An object that represents the approval state of the private link connection." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "Creating", + "Updating", + "Deleting", + "Failed", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Provisioning state of the private endpoint connection." + } + }, + "description": "Properties of the private endpoint connection resource." + }, + "MHSMPrivateLinkServiceConnectionState": { + "type": "object", + "properties": { + "actionsRequired": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A message indicating if changes on the service provider require any updates on the consumer." + }, + "description": { + "type": "string", + "description": "The reason for approval or rejection." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." + } + }, + "description": "An object that represents the approval state of the private link connection." + }, + "MHSMVirtualNetworkRule": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." + } + }, + "required": [ + "id" + ], + "description": "A rule governing the accessibility of a managed hsm pool from a specific virtual network." + }, + "NetworkRuleSet": { + "type": "object", + "properties": { + "bypass": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AzureServices", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'." + }, + "defaultAction": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Allow", + "Deny" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated." + }, + "ipRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/IPRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of IP address rules." + }, + "virtualNetworkRules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/VirtualNetworkRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of virtual network rules." + } + }, + "description": "A set of rules governing the network accessibility of a vault." + }, + "Permissions": { + "type": "object", + "properties": { + "certificates": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "get", + "list", + "delete", + "create", + "import", + "update", + "managecontacts", + "getissuers", + "listissuers", + "setissuers", + "deleteissuers", + "manageissuers", + "recover", + "purge", + "backup", + "restore" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to certificates" + }, + "keys": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "encrypt", + "decrypt", + "wrapKey", + "unwrapKey", + "sign", + "verify", + "get", + "list", + "create", + "update", + "import", + "delete", + "backup", + "restore", + "recover", + "purge", + "release", + "rotate", + "getrotationpolicy", + "setrotationpolicy" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to keys" + }, + "secrets": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "get", + "list", + "set", + "delete", + "backup", + "restore", + "recover", + "purge" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to secrets" + }, + "storage": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "all", + "get", + "list", + "delete", + "set", + "update", + "regeneratekey", + "recover", + "purge", + "backup", + "restore", + "setsas", + "listsas", + "getsas", + "deletesas" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Permissions to storage accounts" + } + }, + "description": "Permissions the identity has for keys, secrets, certificates and storage." + }, + "PrivateEndpoint": { + "type": "object", + "properties": {}, + "description": "Private endpoint object properties." + }, + "PrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Private endpoint object properties." + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateLinkServiceConnectionState" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An object that represents the approval state of the private link connection." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "Creating", + "Updating", + "Deleting", + "Failed", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Provisioning state of the private endpoint connection." + } + }, + "description": "Properties of the private endpoint connection resource." + }, + "PrivateLinkServiceConnectionState": { + "type": "object", + "properties": { + "actionsRequired": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A message indicating if changes on the service provider require any updates on the consumer." + }, + "description": { + "type": "string", + "description": "The reason for approval or rejection." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Pending", + "Approved", + "Rejected", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Indicates whether the connection has been approved, rejected or removed by the key vault owner." + } + }, + "description": "An object that represents the approval state of the private link connection." + }, + "RotationPolicy": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/KeyRotationPolicyAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "lifetimeActions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/LifetimeAction" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The lifetimeActions for key rotation action." + } + } + }, + "SecretAttributes": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether the object is enabled." + }, + "exp": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiry date in seconds since 1970-01-01T00:00:00Z." + }, + "nbf": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Not before date in seconds since 1970-01-01T00:00:00Z." + } + }, + "description": "The secret management attributes." + }, + "SecretProperties": { + "type": "object", + "properties": { + "attributes": { + "oneOf": [ + { + "$ref": "#/definitions/SecretAttributes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The secret management attributes." + }, + "contentType": { + "type": "string", + "description": "The content type of the secret." + }, + "value": { + "type": "string", + "description": "The value of the secret. NOTE: 'value' will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets." + } + }, + "description": "Properties of the secret" + }, + "Sku": { + "type": "object", + "properties": { + "family": { + "oneOf": [ + { + "type": "string", + "enum": [ + "A" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU family name" + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "standard", + "premium" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU name to specify whether the key vault is a standard vault or a premium vault." + } + }, + "required": [ + "family", + "name" + ], + "description": "SKU details" + }, + "SystemData": { + "type": "object", + "properties": { + "createdAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of the key vault resource creation (UTC)." + }, + "createdBy": { + "type": "string", + "description": "The identity that created the key vault resource." + }, + "createdByType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of identity that created the key vault resource." + }, + "lastModifiedAt": { + "type": "string", + "format": "date-time", + "description": "The timestamp of the key vault resource last modification (UTC)." + }, + "lastModifiedBy": { + "type": "string", + "description": "The identity that last modified the key vault resource." + }, + "lastModifiedByType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of identity that last modified the key vault resource." + } + }, + "description": "Metadata pertaining to creation and last modification of the key vault resource." + }, + "Trigger": { + "type": "object", + "properties": { + "timeAfterCreate": { + "type": "string", + "description": "The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'." + }, + "timeBeforeExpiry": { + "type": "string", + "description": "The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'." + } + } + }, + "VaultAccessPolicyProperties": { + "type": "object", + "properties": { + "accessPolicies": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessPolicyEntry" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID." + } + }, + "required": [ + "accessPolicies" + ], + "description": "Properties of the vault access policy" + }, + "VaultProperties": { + "type": "object", + "properties": { + "accessPolicies": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessPolicyEntry" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required." + }, + "createMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "recover", + "default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The vault's create mode to indicate whether the vault need to be recovered or not." + }, + "enabledForDeployment": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault." + }, + "enabledForDiskEncryption": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys." + }, + "enabledForTemplateDeployment": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault." + }, + "enablePurgeProtection": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value." + }, + "enableRbacAuthorization": { + "oneOf": [ + { + "type": "boolean", + "default": false + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC." + }, + "enableSoftDelete": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false." + }, + "networkAcls": { + "oneOf": [ + { + "$ref": "#/definitions/NetworkRuleSet" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A set of rules governing the network accessibility of a vault." + }, + "provisioningState": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Succeeded", + "RegisteringDns" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Provisioning state of the vault." + }, + "publicNetworkAccess": { + "type": "string", + "default": "enabled", + "description": "Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SKU details" + }, + "softDeleteRetentionInDays": { + "oneOf": [ + { + "type": "integer", + "default": "90" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "softDelete data retention days. It accepts >=7 and <=90." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault." + }, + "vaultUri": { + "type": "string", + "description": "The URI of the vault for performing operations on keys and secrets." + } + }, + "required": [ + "sku", + "tenantId" + ], + "description": "Properties of the vault" + }, + "vaults_accessPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "add", + "replace", + "remove" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the operation." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VaultAccessPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the vault access policy" + }, + "type": { + "type": "string", + "enum": [ + "accessPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/accessPolicies" + }, + "vaults_keys_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the key to be created. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/KeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of the key." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the key." + }, + "type": { + "type": "string", + "enum": [ + "keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/keys" + }, + "vaults_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "etag": { + "type": "string", + "description": "Modified whenever there is a change in the state of private endpoint connection." + }, + "name": { + "type": "string", + "description": "Name of the private endpoint connection associated with the key vault." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the private endpoint connection resource." + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/privateEndpointConnections" + }, + "vaults_secrets_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2022-11-01" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[a-zA-Z0-9-]{1,127}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Name of the secret. The value you provide may be copied globally for the purpose of running the service. The value provided should not include personally identifiable or sensitive information." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecretProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of the secret" + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The tags that will be assigned to the secret. " + }, + "type": { + "type": "string", + "enum": [ + "secrets" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.KeyVault/vaults/secrets" + }, + "VirtualNetworkRule": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'." + }, + "ignoreMissingVnetServiceEndpoint": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured." + } + }, + "required": [ + "id" + ], + "description": "A rule governing the accessibility of a vault from a specific virtual network." + } + } +} \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index 79398a49e2..6a401eaa35 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json @@ -12241,6 +12241,30 @@ { "$ref": "https://schema.management.azure.com/schemas/2022-07-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs_keys" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/managedHSMs_privateEndpointConnections" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_accessPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_keys" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_privateEndpointConnections" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2022-11-01/Microsoft.KeyVault.json#/resourceDefinitions/vaults_secrets" + }, { "$ref": "https://schema.management.azure.com/schemas/2020-01-01-preview/Microsoft.Kubernetes.json#/resourceDefinitions/connectedClusters" },