diff --git a/.github/workflows/ms.authorization.policydefinitions.yml b/.github/workflows/ms.authorization.policydefinitions.yml index 0800137506..266b341592 100644 --- a/.github/workflows/ms.authorization.policydefinitions.yml +++ b/.github/workflows/ms.authorization.policydefinitions.yml @@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.common/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.common/deploy.test.bicep new file mode 100644 index 0000000000..8d55bd1fe4 --- /dev/null +++ b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.common/deploy.test.bicep @@ -0,0 +1,69 @@ +targetScope = 'managementGroup' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'apdmgcom' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../managementGroup/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyRule: { + if: { + allOf: [ + { + equals: 'Microsoft.Resources/subscriptions' + field: 'type' + } + { + exists: 'false' + field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]' + } + ] + } + then: { + details: { + operations: [ + { + field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]' + operation: 'add' + value: '[parameters(\'tagValue\')]' + } + ] + roleDefinitionIds: [ + '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f' + ] + } + effect: 'modify' + } + } + description: '[Description] This policy definition is deployed at the management group scope' + displayName: '[DisplayName] This policy definition is deployed at the management group scope' + managementGroupId: last(split(managementGroup().id, '/')) + metadata: { + category: 'Security' + } + parameters: { + tagName: { + metadata: { + description: 'Name of the tag such as \'environment\'' + displayName: 'Tag Name' + } + type: 'String' + } + tagValue: { + metadata: { + description: 'Value of the tag such as \'environment\'' + displayName: 'Tag Value' + } + type: 'String' + } + } + } +} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min.parameters.json deleted file mode 100644 index 431a0f6f5e..0000000000 --- a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min.parameters.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-min-policyDef" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "equals": "Microsoft.KeyVault/vaults", - "field": "type" - } - ] - }, - "then": { - "effect": "[parameters('effect')]" - } - } - }, - "parameters": { - "value": { - "effect": { - "allowedValues": [ - "Audit" - ], - "defaultValue": "Audit", - "type": "String" - } - } - } - } -} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min/deploy.test.bicep new file mode 100644 index 0000000000..e90868e368 --- /dev/null +++ b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min/deploy.test.bicep @@ -0,0 +1,40 @@ +targetScope = 'managementGroup' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'apdmgmin' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../managementGroup/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyRule: { + if: { + allOf: [ + { + equals: 'Microsoft.KeyVault/vaults' + field: 'type' + } + ] + } + then: { + effect: '[parameters(\'effect\')]' + } + } + parameters: { + effect: { + allowedValues: [ + 'Audit' + ] + defaultValue: 'Audit' + type: 'String' + } + } + } +} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.parameters.json deleted file mode 100644 index 7196de6154..0000000000 --- a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.parameters.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-policyDef" - }, - "displayName": { - "value": "[DisplayName] This policy definition is deployed at the management group scope" - }, - "description": { - "value": "[Description] This policy definition is deployed at the management group scope" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" - }, - { - "field": "[concat('tags[', parameters('tagName'), ']')]", - "exists": "false" - } - ] - }, - "then": { - "effect": "modify", - "details": { - "roleDefinitionIds": [ - "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f" - ], - "operations": [ - { - "operation": "add", - "field": "[concat('tags[', parameters('tagName'), ']')]", - "value": "[parameters('tagValue')]" - } - ] - } - } - } - }, - "parameters": { - "value": { - "tagName": { - "type": "String", - "metadata": { - "displayName": "Tag Name", - "description": "Name of the tag, such as 'environment'" - } - }, - "tagValue": { - "type": "String", - "metadata": { - "displayName": "Tag Value", - "description": "Value of the tag, such as 'production'" - } - } - } - }, - "metadata": { - "value": { - "category": "Security" - } - }, - "managementGroupId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.common/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.common/deploy.test.bicep new file mode 100644 index 0000000000..81740d7a9e --- /dev/null +++ b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.common/deploy.test.bicep @@ -0,0 +1,69 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'apdsubcom' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyRule: { + if: { + allOf: [ + { + equals: 'Microsoft.Resources/subscriptions' + field: 'type' + } + { + exists: 'false' + field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]' + } + ] + } + then: { + details: { + operations: [ + { + field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]' + operation: 'add' + value: '[parameters(\'tagValue\')]' + } + ] + roleDefinitionIds: [ + '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f' + ] + } + effect: 'modify' + } + } + description: '[Description] This policy definition is deployed at subscription scope' + displayName: '[DisplayName] This policy definition is deployed at subscription scope' + metadata: { + category: 'Security' + } + parameters: { + tagName: { + metadata: { + description: 'Name of the tag such as \'environment\'' + displayName: 'Tag Name' + } + type: 'String' + } + tagValue: { + metadata: { + description: 'Value of the tag such as \'production\'' + displayName: 'Tag Value' + } + type: 'String' + } + } + subscriptionId: subscription().subscriptionId + } +} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min.parameters.json deleted file mode 100644 index f2cd03cfb5..0000000000 --- a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min.parameters.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-sub-min-policyDef" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "equals": "Microsoft.KeyVault/vaults", - "field": "type" - } - ] - }, - "then": { - "effect": "[parameters('effect')]" - } - } - }, - "parameters": { - "value": { - "effect": { - "allowedValues": [ - "Audit" - ], - "defaultValue": "Audit", - "type": "String" - } - } - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min/deploy.test.bicep new file mode 100644 index 0000000000..14931d0d47 --- /dev/null +++ b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min/deploy.test.bicep @@ -0,0 +1,41 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'apdsubmin' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyRule: { + if: { + allOf: [ + { + equals: 'Microsoft.KeyVault/vaults' + field: 'type' + } + ] + } + then: { + effect: '[parameters(\'effect\')]' + } + } + parameters: { + effect: { + allowedValues: [ + 'Audit' + ] + defaultValue: 'Audit' + type: 'String' + } + } + subscriptionId: subscription().subscriptionId + } +} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.parameters.json deleted file mode 100644 index e445127518..0000000000 --- a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.parameters.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-sub-policyDef" - }, - "displayName": { - "value": "[DisplayName] This policy definition is deployed at subscription scope" - }, - "description": { - "value": "[Description] This policy definition is deployed at subscription scope" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" - }, - { - "field": "[concat('tags[', parameters('tagName'), ']')]", - "exists": "false" - } - ] - }, - "then": { - "effect": "modify", - "details": { - "roleDefinitionIds": [ - "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f" - ], - "operations": [ - { - "operation": "add", - "field": "[concat('tags[', parameters('tagName'), ']')]", - "value": "[parameters('tagValue')]" - } - ] - } - } - } - }, - "parameters": { - "value": { - "tagName": { - "type": "String", - "metadata": { - "displayName": "Tag Name", - "description": "Name of the tag, such as 'environment'" - } - }, - "tagValue": { - "type": "String", - "metadata": { - "displayName": "Tag Value", - "description": "Value of the tag, such as 'production'" - } - } - } - }, - "metadata": { - "value": { - "category": "Security" - } - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyDefinitions/readme.md b/modules/Microsoft.Authorization/policyDefinitions/readme.md index 260c2bc38d..75e5b126a4 100644 --- a/modules/Microsoft.Authorization/policyDefinitions/readme.md +++ b/modules/Microsoft.Authorization/policyDefinitions/readme.md @@ -136,7 +136,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg Min

+

Example 1: Mg.Common

@@ -144,99 +144,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-PolicyDefinitions' + name: '${uniqueString(deployment().name)}-test-apdmgcom' params: { // Required parameters - name: '<>-mg-min-policyDef' - policyRule: { - if: { - allOf: [ - { - equals: 'Microsoft.KeyVault/vaults' - field: 'type' - } - ] - } - then: { - effect: '[parameters('effect')]' - } - } - // Non-required parameters - parameters: { - effect: { - allowedValues: [ - 'Audit' - ] - defaultValue: 'Audit' - type: 'String' - } - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-mg-min-policyDef" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "equals": "Microsoft.KeyVault/vaults", - "field": "type" - } - ] - }, - "then": { - "effect": "[parameters('effect')]" - } - } - }, - // Non-required parameters - "parameters": { - "value": { - "effect": { - "allowedValues": [ - "Audit" - ], - "defaultValue": "Audit", - "type": "String" - } - } - } - } -} -``` - -
-

- -

Example 2: Mg

- -
- -via Bicep module - -```bicep -module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-PolicyDefinitions' - params: { - // Required parameters - name: '<>-mg-policyDef' + name: '<>apdmgcom001' policyRule: { if: { allOf: [ @@ -246,7 +157,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic } { exists: 'false' - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' } ] } @@ -254,9 +165,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic details: { operations: [ { - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' operation: 'add' - value: '[parameters('tagValue')]' + value: '' } ] roleDefinitionIds: [ @@ -269,21 +180,21 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic // Non-required parameters description: '[Description] This policy definition is deployed at the management group scope' displayName: '[DisplayName] This policy definition is deployed at the management group scope' - managementGroupId: '<>' + managementGroupId: '' metadata: { category: 'Security' } parameters: { tagName: { metadata: { - description: 'Name of the tag such as 'environment'' + description: 'Name of the tag such as \'environment\'' displayName: 'Tag Name' } type: 'String' } tagValue: { metadata: { - description: 'Value of the tag such as 'production'' + description: 'Value of the tag such as \'environment\'' displayName: 'Tag Value' } type: 'String' @@ -307,7 +218,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-mg-policyDef" + "value": "<>apdmgcom001" }, "policyRule": { "value": { @@ -319,7 +230,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic }, { "exists": "false", - "field": "[concat('tags[', parameters('tagName'), ']')]" + "field": "" } ] }, @@ -327,9 +238,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "details": { "operations": [ { - "field": "[concat('tags[', parameters('tagName'), ']')]", + "field": "", "operation": "add", - "value": "[parameters('tagValue')]" + "value": "" } ], "roleDefinitionIds": [ @@ -348,7 +259,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "value": "[DisplayName] This policy definition is deployed at the management group scope" }, "managementGroupId": { - "value": "<>" + "value": "" }, "metadata": { "value": { @@ -359,14 +270,14 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "value": { "tagName": { "metadata": { - "description": "Name of the tag, such as 'environment'", + "description": "Name of the tag such as \"environment\"", "displayName": "Tag Name" }, "type": "String" }, "tagValue": { "metadata": { - "description": "Value of the tag, such as 'production'", + "description": "Value of the tag such as \"environment\"", "displayName": "Tag Value" }, "type": "String" @@ -380,7 +291,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic

-

Example 3: Sub Min

+

Example 2: Mg.Min

@@ -388,10 +299,10 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ```bicep module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-PolicyDefinitions' + name: '${uniqueString(deployment().name)}-test-apdmgmin' params: { // Required parameters - name: '<>-sub-min-policyDef' + name: '<>apdmgmin001' policyRule: { if: { allOf: [ @@ -402,7 +313,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ] } then: { - effect: '[parameters('effect')]' + effect: '' } } // Non-required parameters @@ -415,7 +326,6 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic type: 'String' } } - subscriptionId: '<>' } } ``` @@ -434,7 +344,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-sub-min-policyDef" + "value": "<>apdmgmin001" }, "policyRule": { "value": { @@ -447,7 +357,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ] }, "then": { - "effect": "[parameters('effect')]" + "effect": "" } } }, @@ -462,9 +372,6 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "type": "String" } } - }, - "subscriptionId": { - "value": "<>" } } } @@ -473,7 +380,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic

-

Example 4: Sub

+

Example 3: Sub.Common

@@ -481,10 +388,10 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ```bicep module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-PolicyDefinitions' + name: '${uniqueString(deployment().name)}-test-apdsubcom' params: { // Required parameters - name: '<>-sub-policyDef' + name: '<>apdsubcom001' policyRule: { if: { allOf: [ @@ -494,7 +401,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic } { exists: 'false' - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' } ] } @@ -502,9 +409,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic details: { operations: [ { - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' operation: 'add' - value: '[parameters('tagValue')]' + value: '' } ] roleDefinitionIds: [ @@ -523,20 +430,20 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic parameters: { tagName: { metadata: { - description: 'Name of the tag such as 'environment'' + description: 'Name of the tag such as \'environment\'' displayName: 'Tag Name' } type: 'String' } tagValue: { metadata: { - description: 'Value of the tag such as 'production'' + description: 'Value of the tag such as \'production\'' displayName: 'Tag Value' } type: 'String' } } - subscriptionId: '<>' + subscriptionId: '' } } ``` @@ -555,7 +462,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-sub-policyDef" + "value": "<>apdsubcom001" }, "policyRule": { "value": { @@ -567,7 +474,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic }, { "exists": "false", - "field": "[concat('tags[', parameters('tagName'), ']')]" + "field": "" } ] }, @@ -575,9 +482,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "details": { "operations": [ { - "field": "[concat('tags[', parameters('tagName'), ']')]", + "field": "", "operation": "add", - "value": "[parameters('tagValue')]" + "value": "" } ], "roleDefinitionIds": [ @@ -604,14 +511,14 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "value": { "tagName": { "metadata": { - "description": "Name of the tag, such as 'environment'", + "description": "Name of the tag such as \"environment\"", "displayName": "Tag Name" }, "type": "String" }, "tagValue": { "metadata": { - "description": "Value of the tag, such as 'production'", + "description": "Value of the tag such as \"production\"", "displayName": "Tag Value" }, "type": "String" @@ -619,7 +526,100 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic } }, "subscriptionId": { - "value": "<>" + "value": "" + } + } +} +``` + +
+

+ +

Example 4: Sub.Min

+ +
+ +via Bicep module + +```bicep +module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-apdsubmin' + params: { + // Required parameters + name: '<>apdsubmin001' + policyRule: { + if: { + allOf: [ + { + equals: 'Microsoft.KeyVault/vaults' + field: 'type' + } + ] + } + then: { + effect: '' + } + } + // Non-required parameters + parameters: { + effect: { + allowedValues: [ + 'Audit' + ] + defaultValue: 'Audit' + type: 'String' + } + } + subscriptionId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>apdsubmin001" + }, + "policyRule": { + "value": { + "if": { + "allOf": [ + { + "equals": "Microsoft.KeyVault/vaults", + "field": "type" + } + ] + }, + "then": { + "effect": "" + } + } + }, + // Non-required parameters + "parameters": { + "value": { + "effect": { + "allowedValues": [ + "Audit" + ], + "defaultValue": "Audit", + "type": "String" + } + } + }, + "subscriptionId": { + "value": "" } } }