Add policy set definition APIs #1587
Conversation
|
@gandhiniraj @cyl3392207 Please review this one instead @vishrutshah Mike and Niraj are from the ARM team, who can review this. So is @brendandburns who signed off on the previous PR |
|
@veronicagg Taking it over to my plate as i made them close and re-open new one :) @vivsriaus Thanks for adding two commits. We'll review it as soon as ARM team signs-off. |
vishrutshah
added
ARM
WaitForARMFeedback
|
@ravbhatnagar Let me know if this has been gone through ARM sign-off. @vivsriaus Meanwhile, would you mind please providing us with the x-ms-examples for new operations to help us with model validation. Thanks! |
|
@vishrutshah Examples added. Thanks for catching that! |
|
@vishrutshah Let me know if this looks good to be merged. Thanks |
… into AddPolicySetNew
|
@ravbhatnagar Could you please review this from ARM perspective, please? Thanks! |
| }, | ||
| "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyassignments": { | ||
| }, | ||
| "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyassignments": { |
There was a problem hiding this comment.
camelcase policyAssignments
| } | ||
| } | ||
| }, | ||
| "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policysetdefinitions/{policySetDefinitionName}": { |
| "$ref": "#/definitions/PolicySetDefinitionProperties", | ||
| "description": "The policy definition properties." | ||
| }, | ||
| "id": { |
| "type": "string", | ||
| "description": "The ID of the policy set definition." | ||
| }, | ||
| "name": { |
There was a problem hiding this comment.
name should be settable
There was a problem hiding this comment.
name comes from the URL. It is not settable in the request body
There was a problem hiding this comment.
you can pass name in the request body, and we throw an error when the passed in name doesn't match what is in the Url
| "type": "string", | ||
| "description": "The name of the policy set definition. If you do not specify a value for name, the value is inferred from the name value in the request URI." | ||
| } | ||
| }, |
There was a problem hiding this comment.
type property missing.
| }, | ||
| "x-ms-odata": "#/definitions/PolicySetDefinition" | ||
| } | ||
| }, |
There was a problem hiding this comment.
I don't see a PATCH in our source code
| "$ref": "#/parameters/SubscriptionIdParameter" | ||
| } | ||
| ], | ||
| "responses": { |
There was a problem hiding this comment.
Please add a default response to capture all the error responses. The shape of the error object complies with RPC. Example here - https://github.com/Azure/azure-rest-api-specs/blob/current/specification/batch/resource-manager/Microsoft.Batch/2017-05-01/BatchManagement.json#L101
| "$ref": "#/parameters/SubscriptionIdParameter" | ||
| } | ||
| ], | ||
| "responses": { |
There was a problem hiding this comment.
The description of 204 can state that the policysetDefinition does not exist in the subscription
There was a problem hiding this comment.
We usually use the http code description in our specs, so I'm keeping it consistent across the board. For instance, like this.
There was a problem hiding this comment.
This is something that we can improve across the board then. Lets start with the new APIs we are adding. More/clear description is always better :)
| "description": "Gets all the policy set definitions for a subscription.", | ||
| "parameters": [ | ||
| { | ||
| "name": "$filter", |
There was a problem hiding this comment.
What is supported through $filter. It would be good if the common cases are called out in the description.
| "description": "The policy definition properties." | ||
| }, | ||
| "PolicySetDefinitionProperties": { | ||
| "properties": { |
There was a problem hiding this comment.
do you need a provisioningState property?
There was a problem hiding this comment.
I don't think we need it
There was a problem hiding this comment.
If the creates are not long running than its fine.
ravbhatnagar
added
ReadyForSDKReview
and removed
WaitForARMFeedback
… into AddPolicySetNew
… into AddPolicySetNew
|
@vishrutshah The CI is failing because it says ErrorResponse is not allowed as part of responses? We had default error responses for our other spec file (here) and didn't receive any validation errors then. Can you please take a look? |
| }, | ||
| "parameters": { | ||
| "type": "object", | ||
| "description": "Required if a parameter is used in policy rule." |
There was a problem hiding this comment.
This description should be updated as it is not applicable to setDefinitions. Should be something along the lines of "The policy set definition parameters that can be used in policy definition references"
| "swagger": "2.0", | ||
| "info": { | ||
| "title": "PolicyClient", | ||
| "version": "2017-06-01-preview", |
There was a problem hiding this comment.
policyDefinitions don't have this api-version (though they probably should have with mode added). I think that means you need to split out the swagger specs from 2016-12-01 and combine policyDefinitions there with policyAssignments and policySetDefinitions here.
There was a problem hiding this comment.
I don't understand. policyDefinitions APIs won't work with 2017-06-01-preview version?
There was a problem hiding this comment.
Correct, api-versions are resourceType specific and policyDefinitions did not have a change that the people who made the changes thought warranted a new api-version. Calls to its APIs with 2017-06-01-preview will not work
There was a problem hiding this comment.
Ah, I see. Before I go ahead and do the split, shouldn't we bump the api-version for policyDefinitions as well, now that we have mode?
There was a problem hiding this comment.
Mode was already released to prod on all existing api-versions so it could be even more breaking to restrict it now (even though its probably not used by anyone yet). There is the option of introducing a new api-version on policyDefinitions just to make this work easier but I don't know if that's a great idea. It will be good to have them split in the future so they can be incremented individually when needed. If everything gets a new api-version every time anything changes you end up with a ton of api-versions that user has to wade through.
See Microsoft.SQL for an example of resource types that were split out into their own swagger specs
| "description": "Policies required to minimize the risk of accidental cost overruns", | ||
| "metadata": { | ||
| "category": "Cost Management" | ||
| }, |
There was a problem hiding this comment.
example should include parameters since they are typically the most complex part of these objects
| "parameters": { | ||
| "listOfAllowedSKUs": { | ||
| "value": [ | ||
| "“Standard_GRS”", |
There was a problem hiding this comment.
both of these values should just have 1 "
| "parameters": { | ||
| "listOfAllowedSKUs": { | ||
| "value": [ | ||
| "“Standard_GRS”", |
| "type": "string", | ||
| "description": "The display name of the policy definition." | ||
| }, | ||
| "description": { |
There was a problem hiding this comment.
policyDefinition supports metadata now
| }, | ||
| "description": "The policy's excluded scopes." | ||
| }, | ||
| "parameters": { |
There was a problem hiding this comment.
policyAssignment supports metadata
| }, | ||
| "policyDefinitionId": { | ||
| "type": "string", | ||
| "description": "The ID of the policy definition." |
There was a problem hiding this comment.
Can the description be "The ID of the policy definition or policy set definition"
| @@ -0,0 +1,44 @@ | |||
| { | |||
| "parameters": { | |||
There was a problem hiding this comment.
these example files need to be referenced in the swagger spec for them to show up in documentation, right? See https://github.com/pilor/azure-rest-api-specs/blob/current/documentation/x-ms-examples.md
There was a problem hiding this comment.
Of course they should! thanks for catching this
| @@ -0,0 +1,1102 @@ | |||
| { | |||
There was a problem hiding this comment.
This new spec needs to be added to the root readme.md to have it included in autorest packages, correct?
… into AddPolicySetNew
vishrutshah
left a comment
vishrutshah
left a comment
There was a problem hiding this comment.
Left some minor comments. I'll wait for the build to complete to check on validation results on semantic, model and linter results.
| - Microsoft.Authorization/2015-01-01/locks.json | ||
| ``` | ||
|
|
||
| ### Tag: package-policy-2017-06 |
There was a problem hiding this comment.
Will you be having the api-version 2017-06-01 in future without -preview in api-version? In that case, I'd recommend tag to reflect the -preview.
| ], | ||
| "responses": { | ||
| "204": { | ||
| "description": "No Content" |
There was a problem hiding this comment.
Please provide better descriptions as per recommendation from Gaurav that'd not only help SDK but also better API documentations as well
| ], | ||
| "responses": { | ||
| "200": { | ||
| "description": "OK - Returns ana array of policy definitions.", |
vishrutshah
left a comment
vishrutshah
left a comment
There was a problem hiding this comment.
Please review model validation errors https://travis-ci.org/Azure/azure-rest-api-specs/jobs/272643689#L670 Thanks!
| "description": "The policy definition.", | ||
| "x-ms-azure-resource": true | ||
| }, | ||
| "PolicySetDefinition": { |
There was a problem hiding this comment.
Seems like this model is missing property named as type from the example.
https://travis-ci.org/Azure/azure-rest-api-specs/jobs/272643689#L691
… into AddPolicySetNew
| "policyDefinitionId": "/subscriptions/subid/providers/Microsoft.Authorization/policyDefinitions/storageSkus", | ||
| "parameters": { | ||
| "allowedLocations": { | ||
| "value": [ |
There was a problem hiding this comment.
To make this clear and valid can you change this to "parameters": { "validLocations": { "value": "[parameters('allowedLocations')]" } }?
| - Microsoft.Authorization/2015-01-01/locks.json | ||
| ``` | ||
|
|
||
| ### Tag: package-policy-2017-06 |
There was a problem hiding this comment.
line 40 should change to reference this new tag
pilor
left a comment
pilor
left a comment
There was a problem hiding this comment.
Just added 2 more minor comments
|
Hi There, I am the AutoRest Linter Azure bot. I am here to help. My task is to analyze the situation from the AutoRest linter perspective. Please review the below analysis result: File: AutoRest Linter Guidelines | AutoRest Linter Issues Send feedback and make AutoRest Linter Azure Bot smarter day by day! Thanks for your co-operation. |
|
Please review the |
|
@vishrutshah the error says valid example for response 200 is missing for createOrUpdatePolicySetDefinition. The response would be the same, so I don't think it warrants a separate example. Agree? |
|
@vishrutshah can you please look into this? |
|
Hi @vivsriaus, regarding
We'd like to make the examples complete. That menas that you'd define the sample responses for all the response code defined in the swagger. Otherwise tool cannot validate whether provided example is complete or not just based on the model are same. It's be great if you can provide sample response in example for code |
|
Hi There, I am the AutoRest Linter Azure bot. I am here to help. My task is to analyze the situation from the AutoRest linter perspective. Please review the below analysis result: File: AutoRest Linter Guidelines | AutoRest Linter Issues Send feedback and make AutoRest Linter Azure Bot smarter day by day! Thanks for your co-operation. |
ravbhatnagar
added
the
ARMSignedOff
|
No modification for AutorestCI/azure-sdk-for-node |
9 participants
Add policy set definition APIs, add notScopes to policy assignment, add policyMode to policy definition, update the api-version
This checklist is used to make sure that common issues in a pull request are addressed. This will expedite the process of getting your pull request merged and avoid extra work on your part to fix issues discovered during the review process.
PR information
api-versionin the path should match theapi-versionin the spec).Quality of Swagger