Skip to content

Commit 2b89392

Browse files
committed
hopefully working policy bicep
1 parent 986e437 commit 2b89392

3 files changed

Lines changed: 7 additions & 7 deletions

File tree

.squad/agents/apimexpert/history.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -99,11 +99,11 @@ the SDK surface, reference docs, or ad-hoc observation.
9999

100100
**Research output:** `.squad/decisions.md` entry (merged from inbox), full analysis in `specs/sku-upgrade.md`
101101

102-
### 2026-05-19: `policyRestrictions``scope` is the full ARM resource ID of a policy document
102+
### 2026-05-19: `policyRestrictions.scope` grammar
103103

104-
`Microsoft.ApiManagement/service/policyRestrictions`: `scope` is the ARM resource ID of an existing policy document (e.g. `${apim.id}/policies/policy`, or the equivalent for an api/operation/product policy). Enum-like values (`'All'`, `'Tenant'`, etc.) and relative paths (`'/policies/policy'`) compile but fail at deploy with `"The specified scope is not supported for policy restriction."`
104+
`Microsoft.ApiManagement/service/policyRestrictions@2025-09-01-preview`. Schema says `"Path to the policy document."` but the API validates `scope` as a **relative ARM path to an existing API, operation, or product**.
105105

106-
Inferred from the sibling `SubscriptionContractProperties.scope` in the same definitions file (description says `"Scope like /products/{productId}"` but real examples use full ARM IDs, e.g. `/subscriptions/{sub}/.../service/{name}/products/{id}`). All Microsoft policy-restriction examples use the placeholder string `"Sample Path to the policy document."`, so this is the best inference; verify by deployment. Classic Developer/Premium SKU only.
107-
108-
- <https://learn.microsoft.com/rest/api/apimanagement/policy-restriction>
106+
- Accepted: `/apis/{apiId}`, `/apis/{apiId}/operations/{opId}`, `/products/{productId}`, `""`.
107+
- Classic Developer/Premium SKU only.
108+
- Docs: <https://learn.microsoft.com/rest/api/apimanagement/policy-restriction> · <https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service/policyrestrictions>
109109

tests/integration/all-resource-types/expected-structure.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -292,7 +292,7 @@
292292
"files": ["policyRestrictionInformation.json"],
293293
"spotChecks": {
294294
"policyRestrictionInformation.json": {
295-
"properties.scope": "exists",
295+
"properties.scope": "/products/src-product-starter",
296296
"properties.requireBase": "true"
297297
}
298298
}

tests/integration/all-resource-types/source-apim.bicep

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -667,7 +667,7 @@ resource policyRestriction 'Microsoft.ApiManagement/service/policyRestrictions@2
667667
parent: apim
668668
name: 'src-restriction-ip'
669669
properties: {
670-
scope: servicePolicy.id
670+
scope: '/products/${productStarter.name}'
671671
requireBase: 'true'
672672
}
673673
}

0 commit comments

Comments
 (0)