This repository was archived by the owner on May 24, 2022. It is now read-only.

Commit 5e35d9a

authored
Large changeset from upstream
Lots of changes from upstream in this release. Test upgrades in a non-production environment first,
1 parent 6680232 commit 5e35d9a


103 files changed

+3646
-1886
lines changed


103 files changed

+3646
-1886
lines changed

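--- a/policydefinition-append_kv_softdelete.tf
+++ b/policydefinition-append_kv_softdelete.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "append_kv_softdelete" {
 mode = "All"
 display_name = "KeyVault SoftDelete should be enabled"
 description = "This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added."
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "Key Vault"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE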
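Review bot: The added `metadata` value at new lines 8–13 is hand-written JSON inside a heredoc, so a missing comma or quote is only caught when the provider parses the string at plan or apply time. Building it from an HCL object lets Terraform check the syntax itself: `metadata = jsonencode({ version = "1.0.0", category = "Key Vault" })`. The same block is added in every other file section shown in this commit, each with its own category. The resource body starts above and continues below the hunk, so whether `policy_rule` should get the same treatment cannot be judged from here.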

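--- a/policydefinition-deny_aa_child_resources.tf
+++ b/policydefinition-deny_aa_child_resources.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_aa_child_resources" {
 mode = "All"
 display_name = "No child resources in Automation Account"
 description = "This policy denies the creation of child resources on the Automation Account"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "Automation"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -34,16 +40,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS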
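Review bot: The `effect` parameter's description, now at new lines 49–52, still reads "Enable or disable the execution of the policy" although `allowedValues` offers three settings, and an assignment that selects `Audit` or `Disabled` no longer blocks the resource. Whoever assigns the policy sees only this text, so it should say what each value does, for example `"description": "Deny blocks the request, Audit only records non-compliance, Disabled turns the policy off"`. The same wording is carried through the second hunk of every other deny_* section in this commit. The PARAMETERS heredoc opens above the hunk, so any other parameters are not visible here.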

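--- a/policydefinition-deny_appgw_without_waf.tf
+++ b/policydefinition-deny_appgw_without_waf.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_appgw_without_waf" {
 mode = "All"
 display_name = "Application Gateway should be deployed with WAF enabled"
 description = "This policy enables you to restrict that Application Gateways is always deployed with WAF enabled"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "Network"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS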

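--- a/policydefinition-deny_private_dns_zones.tf
+++ b/policydefinition-deny_private_dns_zones.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_private_dns_zones" {
 mode = "All"
 display_name = "Deny the creation of private DNS"
 description = "This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "Network"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -23,16 +29,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS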

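--- a/policydefinition-deny_publicendpoint_aks.tf
+++ b/policydefinition-deny_publicendpoint_aks.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_aks" {
 mode = "All"
 display_name = "Public network access on AKS API should be disabled"
 description = "This policy denies the creation of Azure Kubernetes Service non-private clusters"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "Kubernetes"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS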

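--- a/policydefinition-deny_publicendpoint_cosmosdb.tf
+++ b/policydefinition-deny_publicendpoint_cosmosdb.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_cosmosdb" {
 mode = "All"
 display_name = "Public network access should be disabled for CosmosDB"
 description = "This policy denies that Cosmos database accounts are created with out public network access is disabled."
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "SQL"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS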
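Review bot: The added metadata at new line 11 files this Cosmos DB policy under `"category": "SQL"`, the same category this commit gives the MariaDB, MySQL, PostgreSQL and Azure SQL definitions. Azure's built-in definitions group Cosmos DB under its own category, so if compliance views filtered by category are meant to line up with the built-ins, `"category": "Cosmos DB"` would be the closer fit; if the value is deliberately mirrored from upstream, a short comment saying so would help. The description on new line 7 is also hard to parse ("created with out public network access is disabled"); assuming the rule, which lies outside the hunk, checks what the display name says, it could read `description = "This policy denies creation of Cosmos DB accounts that do not have public network access disabled."`.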

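--- a/policydefinition-deny_publicendpoint_keyvault.tf
+++ b/policydefinition-deny_publicendpoint_keyvault.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_keyvault" {
 mode = "All"
 display_name = "Public network access should be disabled for KeyVault"
 description = "This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "Key Vault"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS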

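--- a/policydefinition-deny_publicendpoint_mariadb.tf
+++ b/policydefinition-deny_publicendpoint_mariadb.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_mariadb" {
 mode = "All"
 display_name = "Public network access should be disabled for MariaDB"
 description = "This policy denies the creation of Maria DB accounts with exposed public endpoints"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "SQL"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS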

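--- a/policydefinition-deny_publicendpoint_mysql.tf
+++ b/policydefinition-deny_publicendpoint_mysql.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_mysql" {
 mode = "All"
 display_name = "Public network access should be disabled for MySQL"
 description = "This policy denies creation of MySql DB accounts with exposed public endpoints"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "SQL"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS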

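--- a/policydefinition-deny_publicendpoint_postgresql.tf
+++ b/policydefinition-deny_publicendpoint_postgresql.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_postgresql" {
 mode = "All"
 display_name = "Public network access should be disabled for PostgreSql"
 description = "This policy denies creation of Postgre SQL DB accounts with exposed public endpoints"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "SQL"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS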

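--- a/policydefinition-deny_publicendpoint_sql.tf
+++ b/policydefinition-deny_publicendpoint_sql.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_sql" {
 mode = "All"
 display_name = "Public network access on Azure SQL Database should be disabled"
 description = "This policy denies creation of Sql servers with exposed public endpoints"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "SQL"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS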

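--- a/policydefinition-deny_publicendpoint_storage.tf
+++ b/policydefinition-deny_publicendpoint_storage.tf
@@ -5,6 +5,12 @@ resource "azurerm_policy_definition" "deny_publicendpoint_storage" {
 mode = "All"
 display_name = "Public network access onStorage accounts should be disabled"
 description = "This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints"
+metadata = <<METADATA
+{
+"version": "1.0.0",
+"category": "Storage"
+}
+METADATA
 
 management_group_name = var.management_group_name
 policy_rule = <<POLICYRULE
@@ -31,16 +37,16 @@ POLICYRULE
 {
 "effect": {
 "type": "String",
-"metadata": {
-"displayName": "Effect",
-"description": "Enable or disable the execution of the policy"
-},
 "allowedValues": [
 "Audit",
 "Deny",
 "Disabled"
 ],
-"defaultValue": "Deny"
+"defaultValue": "Deny",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+}
 }
 }
 PARAMETERS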
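Review bot: The `display_name` on new line 6 is missing a space ("onStorage"), and that string is what appears wherever the definition is listed or reported on. Since the commit already touches this resource, it could be corrected to `display_name = "Public network access on Storage accounts should be disabled"`. The line is context rather than an addition here, and whether anything outside this page matches on the current display name cannot be seen from the hunk, so that is worth checking before changing it.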
