-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Built-in Policy Release 090250c3 (#1287)
Co-authored-by: Azure Policy Bot <azgovpolicy@microsoft.com>
- Loading branch information
1 parent
e7f11f9
commit f7319d6
Showing
5,726 changed files
with
223,621 additions
and
206,953 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
54 changes: 54 additions & 0 deletions
54
built-in-policies/policyDefinitions/API Management/AllApiSubscription_AuditDeny.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
{ | ||
"properties": { | ||
"displayName": "API Management subscriptions should not be scoped to all APIs", | ||
"policyType": "BuiltIn", | ||
"mode": "All", | ||
"description": "API Management subscriptions should be scoped to a product or an individual API instead of all APIs, which could result in an excessive data exposure.", | ||
"metadata": { | ||
"version": "1.1.0", | ||
"category": "API Management" | ||
}, | ||
"version": "1.1.0", | ||
"policyRule": { | ||
"if": { | ||
"allOf": [ | ||
{ | ||
"field": "type", | ||
"equals": "Microsoft.ApiManagement/service/subscriptions" | ||
}, | ||
{ | ||
"field": "Microsoft.ApiManagement/service/subscriptions/scope", | ||
"like": "*/apis" | ||
}, | ||
{ | ||
"field": "Microsoft.ApiManagement/service/subscriptions/state", | ||
"equals": "active" | ||
} | ||
] | ||
}, | ||
"then": { | ||
"effect": "[parameters('effect')]" | ||
} | ||
}, | ||
"parameters": { | ||
"effect": { | ||
"type": "string", | ||
"metadata": { | ||
"displayName": "Effect", | ||
"description": "Enable or disable the execution of the policy" | ||
}, | ||
"allowedValues": [ | ||
"Audit", | ||
"Disabled", | ||
"Deny" | ||
], | ||
"defaultValue": "Audit" | ||
} | ||
}, | ||
"versions": [ | ||
"1.1.0" | ||
] | ||
}, | ||
"id": "/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1", | ||
"name": "3aa03346-d8c5-4994-a5bc-7652c2a2aef1" | ||
} |
72 changes: 72 additions & 0 deletions
72
built-in-policies/policyDefinitions/API Management/AllowedVNETSkus_AuditDeny.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
{ | ||
"properties": { | ||
"displayName": "API Management service should use a SKU that supports virtual networks", | ||
"policyType": "BuiltIn", | ||
"mode": "Indexed", | ||
"description": "With supported SKUs of API Management, deploying service into a virtual network unlocks advanced API Management networking and security features which provides you greater control over your network security configuration. Learn more at: https://aka.ms/apimvnet.", | ||
"metadata": { | ||
"version": "1.0.0", | ||
"category": "API Management" | ||
}, | ||
"version": "1.0.0", | ||
"parameters": { | ||
"effect": { | ||
"type": "String", | ||
"metadata": { | ||
"displayName": "Effect", | ||
"description": "Enable or disable the execution of the policy" | ||
}, | ||
"allowedValues": [ | ||
"Audit", | ||
"Deny", | ||
"Disabled" | ||
], | ||
"defaultValue": "Audit" | ||
}, | ||
"listOfAllowedSKUs": { | ||
"type": "Array", | ||
"metadata": { | ||
"description": "The list of SKUs that can be specified for Azure API Management service.", | ||
"displayName": "Allowed SKUs" | ||
}, | ||
"allowedValues": [ | ||
"Developer", | ||
"Basic", | ||
"Standard", | ||
"Premium", | ||
"Isolated", | ||
"Consumption" | ||
], | ||
"defaultValue": [ | ||
"Developer", | ||
"Premium", | ||
"Isolated" | ||
] | ||
} | ||
}, | ||
"policyRule": { | ||
"if": { | ||
"allOf": [ | ||
{ | ||
"field": "type", | ||
"equals": "Microsoft.ApiManagement/service" | ||
}, | ||
{ | ||
"not": { | ||
"field": "Microsoft.ApiManagement/service/sku.name", | ||
"in": "[parameters('listOfAllowedSKUs')]" | ||
} | ||
} | ||
] | ||
}, | ||
"then": { | ||
"effect": "[parameters('effect')]" | ||
} | ||
}, | ||
"versions": [ | ||
"1.0.0" | ||
] | ||
}, | ||
"id": "/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5", | ||
"name": "73ef9241-5d81-4cd4-b483-8443d1730fe5" | ||
} |
51 changes: 0 additions & 51 deletions
51
...policies/policyDefinitions/API Management/ApiManagement_AllApiSubscription_AuditDeny.json
This file was deleted.
Oops, something went wrong.
69 changes: 0 additions & 69 deletions
69
...in-policies/policyDefinitions/API Management/ApiManagement_AllowedVNETSkus_AuditDeny.json
This file was deleted.
Oops, something went wrong.
79 changes: 0 additions & 79 deletions
79
built-in-policies/policyDefinitions/API Management/ApiManagement_BackendAuth_AuditDeny.json
This file was deleted.
Oops, something went wrong.
55 changes: 0 additions & 55 deletions
55
...es/policyDefinitions/API Management/ApiManagement_BackendCertificateChecks_AuditDeny.json
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.