MICROSOFT.KEYVAULT
Keys_CreateIfNotExist
enum_ActionType := [ "rotate", "notify" ]
enum_KeyPropertiesCurveName := [ "P-256", "P-384", "P-521", "P-256K" ]
enum_KeyPropertiesKeyOps := [ "encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey", "import", "release" ]
enum_KeyPropertiesKty := [ "EC", "EC-HSM", "RSA", "RSA-HSM" ]
valid {
input.Body.tags.STRING == STRING
input.Body.properties.attributes.enabled == BOOLEAN
input.Body.properties.attributes.nbf == INTEGER
input.Body.properties.attributes.exp == INTEGER
input.Body.properties.attributes.exportable == BOOLEAN
input.Body.properties.kty == enum_KeyPropertiesKty[_]
input.Body.properties.keyOps[_] == enum_KeyPropertiesKeyOps[_]
input.Body.properties.keySize == INTEGER
input.Body.properties.curveName == enum_KeyPropertiesCurveName[_]
input.Body.properties.rotationPolicy.attributes.expiryTime == STRING
input.Body.properties.rotationPolicy.lifetimeActions[_].trigger.timeAfterCreate == STRING
input.Body.properties.rotationPolicy.lifetimeActions[_].trigger.timeBeforeExpiry == STRING
input.Body.properties.rotationPolicy.lifetimeActions[_].action.type == enum_ActionType[_]
input.Body.properties.release_policy.contentType == STRING
input.Body.properties.release_policy.data == STRING
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.keyName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Keys_Get
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.keyName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Keys_GetVersion
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.keyName == STRING
input.ReqMap.keyVersion == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Keys_List
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Keys_ListVersions
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.keyName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
MHSMPrivateEndpointConnections_Delete
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.privateEndpointConnectionName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
MHSMPrivateEndpointConnections_Get
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.privateEndpointConnectionName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
MHSMPrivateEndpointConnections_ListByResource
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
MHSMPrivateEndpointConnections_Put
enum_MHSMPrivateEndpointServiceConnectionStatus := [ "Pending", "Approved", "Rejected", "Disconnected" ]
enum_MHSMPrivateLinkServiceConnectionStateActionsRequired := [ "None" ]
enum_ManagedHsmSkuFamily := [ "B" ]
enum_ManagedHsmSkuName := [ "Standard_B1", "Custom_B32", "Custom_B6" ]
enum_ManagedServiceIdentityType := [ "None", "SystemAssigned", "UserAssigned", "SystemAssigned,UserAssigned" ]
valid {
input.Body.properties.privateEndpoint == {}
input.Body.properties.privateLinkServiceConnectionState.status == enum_MHSMPrivateEndpointServiceConnectionStatus[_]
input.Body.properties.privateLinkServiceConnectionState.description == STRING
input.Body.properties.privateLinkServiceConnectionState.actionsRequired == enum_MHSMPrivateLinkServiceConnectionStateActionsRequired[_]
input.Body.etag == STRING
input.Body.location == STRING
input.Body.sku.family == enum_ManagedHsmSkuFamily[_]
input.Body.sku.name == enum_ManagedHsmSkuName[_]
input.Body.tags.STRING == STRING
input.Body.identity.type == enum_ManagedServiceIdentityType[_]
input.Body.identity.userAssignedIdentities.STRING == {}
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.privateEndpointConnectionName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
MHSMPrivateLinkResources_ListByMHSMResource
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
MHSMRegions_ListByResource
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsmKeys_CreateIfNotExist
enum_ManagedHsmActionType := [ "rotate", "notify" ]
enum_ManagedHsmKeyPropertiesCurveName := [ "P-256", "P-384", "P-521", "P-256K" ]
enum_ManagedHsmKeyPropertiesKeyOps := [ "encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey", "import", "release" ]
enum_ManagedHsmKeyPropertiesKty := [ "EC", "EC-HSM", "RSA", "RSA-HSM" ]
valid {
input.Body.tags.STRING == STRING
input.Body.properties.attributes.enabled == BOOLEAN
input.Body.properties.attributes.nbf == INTEGER
input.Body.properties.attributes.exp == INTEGER
input.Body.properties.attributes.exportable == BOOLEAN
input.Body.properties.kty == enum_ManagedHsmKeyPropertiesKty[_]
input.Body.properties.keyOps[_] == enum_ManagedHsmKeyPropertiesKeyOps[_]
input.Body.properties.keySize == INTEGER
input.Body.properties.curveName == enum_ManagedHsmKeyPropertiesCurveName[_]
input.Body.properties.rotationPolicy.attributes.expiryTime == STRING
input.Body.properties.rotationPolicy.lifetimeActions[_].trigger.timeAfterCreate == STRING
input.Body.properties.rotationPolicy.lifetimeActions[_].trigger.timeBeforeExpiry == STRING
input.Body.properties.rotationPolicy.lifetimeActions[_].action.type == enum_ManagedHsmActionType[_]
input.Body.properties.release_policy.contentType == STRING
input.Body.properties.release_policy.data == STRING
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.keyName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsmKeys_Get
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.keyName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsmKeys_GetVersion
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.keyName == STRING
input.ReqMap.keyVersion == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsmKeys_List
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsmKeys_ListVersions
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.keyName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsms_CheckMhsmNameAvailability
valid {
input.Body.name == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
ManagedHsms_CreateOrUpdate
enum_MHSMNetworkRuleSetBypass := [ "AzureServices", "None" ]
enum_MHSMNetworkRuleSetDefaultAction := [ "Allow", "Deny" ]
enum_ManagedHsmPropertiesCreateMode := [ "recover", "default" ]
enum_ManagedHsmPropertiesPublicNetworkAccess := [ "Enabled", "Disabled" ]
enum_ManagedHsmSkuFamily := [ "B" ]
enum_ManagedHsmSkuName := [ "Standard_B1", "Custom_B32", "Custom_B6" ]
enum_ManagedServiceIdentityType := [ "None", "SystemAssigned", "UserAssigned", "SystemAssigned,UserAssigned" ]
valid {
input.Body.properties.tenantId == STRING
input.Body.properties.initialAdminObjectIds[_] == STRING
input.Body.properties.enableSoftDelete == BOOLEAN
input.Body.properties.softDeleteRetentionInDays == INTEGER
input.Body.properties.enablePurgeProtection == BOOLEAN
input.Body.properties.createMode == enum_ManagedHsmPropertiesCreateMode[_]
input.Body.properties.networkAcls.bypass == enum_MHSMNetworkRuleSetBypass[_]
input.Body.properties.networkAcls.defaultAction == enum_MHSMNetworkRuleSetDefaultAction[_]
input.Body.properties.networkAcls.ipRules[_].value == STRING
input.Body.properties.networkAcls.virtualNetworkRules[_].id == STRING
input.Body.properties.regions[_].name == STRING
input.Body.properties.regions[_].isPrimary == BOOLEAN
input.Body.properties.publicNetworkAccess == enum_ManagedHsmPropertiesPublicNetworkAccess[_]
input.Body.location == STRING
input.Body.sku.family == enum_ManagedHsmSkuFamily[_]
input.Body.sku.name == enum_ManagedHsmSkuName[_]
input.Body.tags.STRING == STRING
input.Body.identity.type == enum_ManagedServiceIdentityType[_]
input.Body.identity.userAssignedIdentities.STRING == {}
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsms_Delete
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsms_Get
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsms_GetDeleted
valid {
input.ReqMap.name == STRING
input.ReqMap.location == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
ManagedHsms_ListByResourceGroup
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.$top == INTEGER
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
ManagedHsms_ListBySubscription
valid {
input.ReqMap.SubscriptionID == STRING
input.Qs.$top == INTEGER
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
ManagedHsms_ListDeleted
valid {
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
ManagedHsms_PurgeDeleted
valid {
input.ReqMap.name == STRING
input.ReqMap.location == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
ManagedHsms_Update
enum_MHSMNetworkRuleSetBypass := [ "AzureServices", "None" ]
enum_MHSMNetworkRuleSetDefaultAction := [ "Allow", "Deny" ]
enum_ManagedHsmPropertiesCreateMode := [ "recover", "default" ]
enum_ManagedHsmPropertiesPublicNetworkAccess := [ "Enabled", "Disabled" ]
valid {
input.Body.properties.tenantId == STRING
input.Body.properties.initialAdminObjectIds[_] == STRING
input.Body.properties.enableSoftDelete == BOOLEAN
input.Body.properties.softDeleteRetentionInDays == INTEGER
input.Body.properties.enablePurgeProtection == BOOLEAN
input.Body.properties.createMode == enum_ManagedHsmPropertiesCreateMode[_]
input.Body.properties.networkAcls.bypass == enum_MHSMNetworkRuleSetBypass[_]
input.Body.properties.networkAcls.defaultAction == enum_MHSMNetworkRuleSetDefaultAction[_]
input.Body.properties.networkAcls.ipRules[_].value == STRING
input.Body.properties.networkAcls.virtualNetworkRules[_].id == STRING
input.Body.properties.regions[_].name == STRING
input.Body.properties.regions[_].isPrimary == BOOLEAN
input.Body.properties.publicNetworkAccess == enum_ManagedHsmPropertiesPublicNetworkAccess[_]
input.ReqMap.ResourceGroup == STRING
input.ReqMap.name == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Operations_List
valid {
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
}
PrivateEndpointConnections_Delete
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.privateEndpointConnectionName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
PrivateEndpointConnections_Get
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.privateEndpointConnectionName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
PrivateEndpointConnections_ListByResource
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
PrivateEndpointConnections_Put
enum_PrivateEndpointServiceConnectionStatus := [ "Pending", "Approved", "Rejected", "Disconnected" ]
enum_PrivateLinkServiceConnectionStateActionsRequired := [ "None" ]
valid {
input.Body.properties.privateEndpoint == {}
input.Body.properties.privateLinkServiceConnectionState.status == enum_PrivateEndpointServiceConnectionStatus[_]
input.Body.properties.privateLinkServiceConnectionState.description == STRING
input.Body.properties.privateLinkServiceConnectionState.actionsRequired == enum_PrivateLinkServiceConnectionStateActionsRequired[_]
input.Body.etag == STRING
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.privateEndpointConnectionName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
PrivateLinkResources_ListByVault
valid {
input.ReqMap.SubscriptionID == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Secrets_CreateOrUpdate
valid {
input.Body.tags.STRING == STRING
input.Body.properties.value == STRING
input.Body.properties.contentType == STRING
input.Body.properties.attributes.STRING == STRING
input.Body.properties.attributes.enabled == BOOLEAN
input.Body.properties.attributes.nbf == INTEGER
input.Body.properties.attributes.exp == INTEGER
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.secretName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Secrets_Get
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.secretName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Secrets_List
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.$top == INTEGER
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Secrets_Update
valid {
input.Body.tags.STRING == STRING
input.Body.properties.value == STRING
input.Body.properties.contentType == STRING
input.Body.properties.attributes.STRING == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.secretName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Vaults_CheckNameAvailability
enum_VaultCheckNameAvailabilityParametersType := [ "Microsoft.KeyVault/vaults" ]
valid {
input.Body.name == STRING
input.Body.type == enum_VaultCheckNameAvailabilityParametersType[_]
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
Vaults_CreateOrUpdate
enum_NetworkRuleSetBypass := [ "AzureServices", "None" ]
enum_NetworkRuleSetDefaultAction := [ "Allow", "Deny" ]
enum_PermissionsCertificates := [ "all", "get", "list", "delete", "create", "import", "update", "managecontacts", "getissuers", "listissuers", "setissuers", "deleteissuers", "manageissuers", "recover", "purge", "backup", "restore" ]
enum_PermissionsKeys := [ "all", "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list", "create", "update", "import", "delete", "backup", "restore", "recover", "purge", "release", "rotate", "getrotationpolicy", "setrotationpolicy" ]
enum_PermissionsSecrets := [ "all", "get", "list", "set", "delete", "backup", "restore", "recover", "purge" ]
enum_PermissionsStorage := [ "all", "get", "list", "delete", "set", "update", "regeneratekey", "recover", "purge", "backup", "restore", "setsas", "listsas", "getsas", "deletesas" ]
enum_SkuFamily := [ "A" ]
enum_SkuName := [ "standard", "premium" ]
enum_VaultPropertiesCreateMode := [ "recover", "default" ]
enum_VaultPropertiesProvisioningState := [ "Succeeded", "RegisteringDns" ]
valid {
input.Body.location == STRING
input.Body.tags.STRING == STRING
input.Body.properties.tenantId == STRING
input.Body.properties.sku.family == enum_SkuFamily[_]
input.Body.properties.sku.name == enum_SkuName[_]
input.Body.properties.accessPolicies[_].tenantId == STRING
input.Body.properties.accessPolicies[_].objectId == STRING
input.Body.properties.accessPolicies[_].applicationId == STRING
input.Body.properties.accessPolicies[_].permissions.keys[_] == enum_PermissionsKeys[_]
input.Body.properties.accessPolicies[_].permissions.secrets[_] == enum_PermissionsSecrets[_]
input.Body.properties.accessPolicies[_].permissions.certificates[_] == enum_PermissionsCertificates[_]
input.Body.properties.accessPolicies[_].permissions.storage[_] == enum_PermissionsStorage[_]
input.Body.properties.vaultUri == STRING
input.Body.properties.enabledForDeployment == BOOLEAN
input.Body.properties.enabledForDiskEncryption == BOOLEAN
input.Body.properties.enabledForTemplateDeployment == BOOLEAN
input.Body.properties.enableSoftDelete == BOOLEAN
input.Body.properties.softDeleteRetentionInDays == INTEGER
input.Body.properties.enableRbacAuthorization == BOOLEAN
input.Body.properties.createMode == enum_VaultPropertiesCreateMode[_]
input.Body.properties.enablePurgeProtection == BOOLEAN
input.Body.properties.networkAcls.bypass == enum_NetworkRuleSetBypass[_]
input.Body.properties.networkAcls.defaultAction == enum_NetworkRuleSetDefaultAction[_]
input.Body.properties.networkAcls.ipRules[_].value == STRING
input.Body.properties.networkAcls.virtualNetworkRules[_].id == STRING
input.Body.properties.networkAcls.virtualNetworkRules[_].ignoreMissingVnetServiceEndpoint == BOOLEAN
input.Body.properties.provisioningState == enum_VaultPropertiesProvisioningState[_]
input.Body.properties.publicNetworkAccess == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Vaults_Delete
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Vaults_Get
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Vaults_GetDeleted
valid {
input.ReqMap.vaultName == STRING
input.ReqMap.location == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
Vaults_List
enum_$filterParameter := [ "resourceType eq 'Microsoft.KeyVault/vaults'" ]
enum_Api-versionParameter := [ "2015-11-01" ]
valid {
input.ReqMap.SubscriptionID == STRING
input.Qs.$filter == enum_$filterParameter[_]
input.Qs.$top == INTEGER
input.Qs.api-version == enum_Api-versionParameter[_]
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
Vaults_ListByResourceGroup
valid {
input.ReqMap.ResourceGroup == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.$top == INTEGER
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Vaults_ListBySubscription
valid {
input.ReqMap.SubscriptionID == STRING
input.Qs.$top == INTEGER
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
Vaults_ListDeleted
valid {
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
Vaults_PurgeDeleted
valid {
input.ReqMap.vaultName == STRING
input.ReqMap.location == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
}
Vaults_Update
enum_NetworkRuleSetBypass := [ "AzureServices", "None" ]
enum_NetworkRuleSetDefaultAction := [ "Allow", "Deny" ]
enum_PermissionsCertificates := [ "all", "get", "list", "delete", "create", "import", "update", "managecontacts", "getissuers", "listissuers", "setissuers", "deleteissuers", "manageissuers", "recover", "purge", "backup", "restore" ]
enum_PermissionsKeys := [ "all", "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list", "create", "update", "import", "delete", "backup", "restore", "recover", "purge", "release", "rotate", "getrotationpolicy", "setrotationpolicy" ]
enum_PermissionsSecrets := [ "all", "get", "list", "set", "delete", "backup", "restore", "recover", "purge" ]
enum_PermissionsStorage := [ "all", "get", "list", "delete", "set", "update", "regeneratekey", "recover", "purge", "backup", "restore", "setsas", "listsas", "getsas", "deletesas" ]
enum_SkuFamily := [ "A" ]
enum_SkuName := [ "standard", "premium" ]
enum_VaultPatchPropertiesCreateMode := [ "recover", "default" ]
valid {
input.Body.tags.STRING == STRING
input.Body.properties.tenantId == STRING
input.Body.properties.sku.family == enum_SkuFamily[_]
input.Body.properties.sku.name == enum_SkuName[_]
input.Body.properties.accessPolicies[_].tenantId == STRING
input.Body.properties.accessPolicies[_].objectId == STRING
input.Body.properties.accessPolicies[_].applicationId == STRING
input.Body.properties.accessPolicies[_].permissions.keys[_] == enum_PermissionsKeys[_]
input.Body.properties.accessPolicies[_].permissions.secrets[_] == enum_PermissionsSecrets[_]
input.Body.properties.accessPolicies[_].permissions.certificates[_] == enum_PermissionsCertificates[_]
input.Body.properties.accessPolicies[_].permissions.storage[_] == enum_PermissionsStorage[_]
input.Body.properties.enabledForDeployment == BOOLEAN
input.Body.properties.enabledForDiskEncryption == BOOLEAN
input.Body.properties.enabledForTemplateDeployment == BOOLEAN
input.Body.properties.enableSoftDelete == BOOLEAN
input.Body.properties.enableRbacAuthorization == BOOLEAN
input.Body.properties.softDeleteRetentionInDays == INTEGER
input.Body.properties.createMode == enum_VaultPatchPropertiesCreateMode[_]
input.Body.properties.enablePurgeProtection == BOOLEAN
input.Body.properties.networkAcls.bypass == enum_NetworkRuleSetBypass[_]
input.Body.properties.networkAcls.defaultAction == enum_NetworkRuleSetDefaultAction[_]
input.Body.properties.networkAcls.ipRules[_].value == STRING
input.Body.properties.networkAcls.virtualNetworkRules[_].id == STRING
input.Body.properties.networkAcls.virtualNetworkRules[_].ignoreMissingVnetServiceEndpoint == BOOLEAN
input.Body.properties.publicNetworkAccess == STRING
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Vaults_UpdateAccessPolicy
enum_OperationKindParameter := [ "add", "replace", "remove" ]
enum_PermissionsCertificates := [ "all", "get", "list", "delete", "create", "import", "update", "managecontacts", "getissuers", "listissuers", "setissuers", "deleteissuers", "manageissuers", "recover", "purge", "backup", "restore" ]
enum_PermissionsKeys := [ "all", "encrypt", "decrypt", "wrapKey", "unwrapKey", "sign", "verify", "get", "list", "create", "update", "import", "delete", "backup", "restore", "recover", "purge", "release", "rotate", "getrotationpolicy", "setrotationpolicy" ]
enum_PermissionsSecrets := [ "all", "get", "list", "set", "delete", "backup", "restore", "recover", "purge" ]
enum_PermissionsStorage := [ "all", "get", "list", "delete", "set", "update", "regeneratekey", "recover", "purge", "backup", "restore", "setsas", "listsas", "getsas", "deletesas" ]
valid {
input.Body.properties.accessPolicies[_].tenantId == STRING
input.Body.properties.accessPolicies[_].objectId == STRING
input.Body.properties.accessPolicies[_].applicationId == STRING
input.Body.properties.accessPolicies[_].permissions.keys[_] == enum_PermissionsKeys[_]
input.Body.properties.accessPolicies[_].permissions.secrets[_] == enum_PermissionsSecrets[_]
input.Body.properties.accessPolicies[_].permissions.certificates[_] == enum_PermissionsCertificates[_]
input.Body.properties.accessPolicies[_].permissions.storage[_] == enum_PermissionsStorage[_]
input.ReqMap.ResourceGroup == STRING
input.ReqMap.vaultName == STRING
input.ReqMap.operationKind == enum_OperationKindParameter[_]
input.ReqMap.SubscriptionID == STRING
input.Qs.api-version == STRING
input.ProviderMetadata.Region == STRING
input.ProviderMetadata.SubscriptionID == STRING
input.ProviderMetadata.ResourceGroup == STRING
}
Updated 3 months ago