swagger: '2.0' info: title: Microsoft Azure CheckPolicyRestrictionsClient version: 2020-07-01-preview host: management.azure.com schemes: - https produces: - application/json security: - azure_auth: - user_impersonation securityDefinitions: azure_auth: type: oauth2 authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize flow: implicit description: Azure Active Directory OAuth2 Flow scopes: user_impersonation: impersonate your user account paths: /subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions: post: operationId: microsoftAzurePolicyrestrictionsCheckatsubscriptionscope description: >- Checks what restrictions Azure Policy will place on a resource within a subscription. parameters: - $ref: >- ../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter - $ref: >- ../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter - name: parameters in: body required: true schema: $ref: '#/definitions/CheckRestrictionsRequest' description: The check policy restrictions parameters. responses: '200': description: >- The restrictions that will be placed on the resource by Azure Policy. schema: $ref: '#/definitions/CheckRestrictionsResult' default: description: Error response describing why the operation failed. schema: $ref: >- ../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse x-ms-examples: Check policy restrictions at subscription scope: $ref: ./examples/PolicyRestrictions_CheckAtSubscriptionScope.json summary: >- Microsoft Azure Post Subscriptions Subscriptionid Providers Microsoft Policyinsights Checkpolicyrestrictions tags: - Subscriptions ? /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions : post: operationId: microsoftAzurePolicyrestrictionsCheckatresourcegroupscope description: >- Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known. parameters: - $ref: >- ../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter - $ref: >- ../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter - $ref: >- ../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter - name: parameters in: body required: true schema: $ref: '#/definitions/CheckRestrictionsRequest' description: The check policy restrictions parameters. responses: '200': description: >- The restrictions that will be placed on the resource by Azure Policy. schema: $ref: '#/definitions/CheckRestrictionsResult' default: description: Error response describing why the operation failed. schema: $ref: >- ../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse x-ms-examples: Check policy restrictions at resource group scope: $ref: ./examples/PolicyRestrictions_CheckAtResourceGroupScope.json summary: >- Microsoft Azure Post Subscriptions Subscriptionid Resourcegroups Resourcegroupname Providers Microsoft Policyinsights Checkpolicyrestrictions tags: - Subscriptions definitions: CheckRestrictionsRequest: description: >- The check policy restrictions parameters describing the resource that is being evaluated. properties: resourceDetails: description: The information about the resource that will be evaluated. $ref: '#/definitions/CheckRestrictionsResourceDetails' pendingFields: description: >- The list of fields and values that should be evaluated for potential restrictions. type: array items: $ref: '#/definitions/PendingField' required: - resourceDetails CheckRestrictionsResourceDetails: description: The information about the resource that will be evaluated. properties: resourceContent: description: >- The resource content. This should include whatever properties are already known and can be a partial set of all resource properties. type: object apiVersion: description: The api-version of the resource content. type: string scope: description: >- The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID. type: string required: - resourceContent PendingField: description: >- A field that should be evaluated against Azure Policy to determine restrictions. properties: field: description: >- The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias. type: string values: description: >- The list of potential values for the field that should be evaluated against Azure Policy. type: array items: type: string required: - field CheckRestrictionsResult: description: The result of a check policy restrictions evaluation on a resource. properties: fieldRestrictions: description: >- The restrictions that will be placed on various fields in the resource by policy. type: array items: $ref: '#/definitions/FieldRestrictions' readOnly: true contentEvaluationResult: description: Evaluation results for the provided partial resource content. properties: policyEvaluations: description: >- Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is. type: array items: $ref: '#/definitions/PolicyEvaluationResult' readOnly: true FieldRestrictions: description: The restrictions that will be placed on a field in the resource by policy. properties: field: description: >- The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias. type: string readOnly: true restrictions: description: The restrictions placed on that field by policy. type: array items: $ref: '#/definitions/FieldRestriction' FieldRestriction: description: The restrictions on a field imposed by a specific policy. properties: result: description: The type of restriction that is imposed on the field. type: string enum: - Required - Removed - Deny x-ms-enum: name: FieldRestrictionResult modelAsString: true values: - value: Required description: The field and/or values are required by policy. - value: Removed description: The field will be removed by policy. - value: Deny description: The field and/or values will be denied by policy. readOnly: true defaultValue: description: >- The value that policy will set for the field if the user does not provide a value. type: string readOnly: true values: description: The values that policy either requires or denies for the field. type: array items: type: string readOnly: true policy: description: The details of the policy that is causing the field restriction. $ref: '#/definitions/PolicyReference' readOnly: true PolicyEvaluationResult: description: >- The result of a non-compliant policy evaluation against the given resource content. properties: policyInfo: description: The details of the policy that was evaluated. $ref: '#/definitions/PolicyReference' readOnly: true evaluationResult: description: >- The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered. type: string readOnly: true evaluationDetails: description: >- The detailed results of the policy expressions and values that were evaluated. $ref: >- ../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails readOnly: true PolicyReference: description: Resource identifiers for a policy. properties: policyDefinitionId: description: The resource identifier of the policy definition. type: string readOnly: true policySetDefinitionId: description: The resource identifier of the policy set definition. type: string readOnly: true policyDefinitionReferenceId: description: >- The reference identifier of a specific policy definition within a policy set definition. type: string readOnly: true policyAssignmentId: description: The resource identifier of the policy assignment. type: string readOnly: true tags: - name: Subscriptions