-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: update library (automated) (#20)
Co-authored-by: github-actions <action@github.com>
- Loading branch information
1 parent
7c97b78
commit eda8531
Showing
203 changed files
with
34,764 additions
and
0 deletions.
There are no files selected for viewing
57 changes: 57 additions & 0 deletions
57
platform/alz/policy_definitions/Append-AppService-httpsonly.alz_policy_definition.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| { | ||
| "name": "Append-AppService-httpsonly", | ||
| "properties": { | ||
| "description": "Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.", | ||
| "displayName": "AppService append enable https only setting to enforce https setting.", | ||
| "metadata": { | ||
| "alzCloudEnvironments": [ | ||
| "AzureCloud", | ||
| "AzureChinaCloud", | ||
| "AzureUSGovernment" | ||
| ], | ||
| "category": "App Service", | ||
| "source": "https://github.com/Azure/Enterprise-Scale/", | ||
| "version": "1.0.0" | ||
| }, | ||
| "mode": "All", | ||
| "parameters": { | ||
| "effect": { | ||
| "allowedValues": [ | ||
| "Append", | ||
| "Disabled" | ||
| ], | ||
| "defaultValue": "Append", | ||
| "metadata": { | ||
| "description": "Enable or disable the execution of the policy", | ||
| "displayName": "Effect" | ||
| }, | ||
| "type": "String" | ||
| } | ||
| }, | ||
| "policyRule": { | ||
| "if": { | ||
| "allOf": [ | ||
| { | ||
| "equals": "Microsoft.Web/sites", | ||
| "field": "type" | ||
| }, | ||
| { | ||
| "field": "Microsoft.Web/sites/httpsOnly", | ||
| "notequals": true | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "details": [ | ||
| { | ||
| "field": "Microsoft.Web/sites/httpsOnly", | ||
| "value": true | ||
| } | ||
| ], | ||
| "effect": "[parameters('effect')]" | ||
| } | ||
| }, | ||
| "policyType": "Custom" | ||
| }, | ||
| "type": "Microsoft.Authorization/policyDefinitions" | ||
| } |
70 changes: 70 additions & 0 deletions
70
platform/alz/policy_definitions/Append-AppService-latestTLS.alz_policy_definition.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| { | ||
| "name": "Append-AppService-latestTLS", | ||
| "properties": { | ||
| "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.", | ||
| "displayName": "AppService append sites with minimum TLS version to enforce.", | ||
| "metadata": { | ||
| "alzCloudEnvironments": [ | ||
| "AzureCloud", | ||
| "AzureChinaCloud", | ||
| "AzureUSGovernment" | ||
| ], | ||
| "category": "App Service", | ||
| "source": "https://github.com/Azure/Enterprise-Scale/", | ||
| "version": "1.1.0" | ||
| }, | ||
| "mode": "All", | ||
| "parameters": { | ||
| "effect": { | ||
| "allowedValues": [ | ||
| "Append", | ||
| "Disabled" | ||
| ], | ||
| "defaultValue": "Append", | ||
| "metadata": { | ||
| "description": "Enable or disable the execution of the policy", | ||
| "displayName": "Effect" | ||
| }, | ||
| "type": "String" | ||
| }, | ||
| "minTlsVersion": { | ||
| "allowedValues": [ | ||
| "1.2", | ||
| "1.0", | ||
| "1.1" | ||
| ], | ||
| "defaultValue": "1.2", | ||
| "metadata": { | ||
| "description": "Select version minimum TLS version for a Web App config to enforce", | ||
| "displayName": "Select version minimum TLS Web App config" | ||
| }, | ||
| "type": "String" | ||
| } | ||
| }, | ||
| "policyRule": { | ||
| "if": { | ||
| "allOf": [ | ||
| { | ||
| "exists": "true", | ||
| "field": "Microsoft.Web/sites/config/minTlsVersion" | ||
| }, | ||
| { | ||
| "field": "Microsoft.Web/sites/config/minTlsVersion", | ||
| "notEquals": "[parameters('minTlsVersion')]" | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "details": [ | ||
| { | ||
| "field": "Microsoft.Web/sites/config/minTlsVersion", | ||
| "value": "[parameters('minTlsVersion')]" | ||
| } | ||
| ], | ||
| "effect": "[parameters('effect')]" | ||
| } | ||
| }, | ||
| "policyType": "Custom" | ||
| }, | ||
| "type": "Microsoft.Authorization/policyDefinitions" | ||
| } |
48 changes: 48 additions & 0 deletions
48
platform/alz/policy_definitions/Append-KV-SoftDelete.alz_policy_definition.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| { | ||
| "name": "Append-KV-SoftDelete", | ||
| "properties": { | ||
| "description": "This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added.", | ||
| "displayName": "KeyVault SoftDelete should be enabled", | ||
| "metadata": { | ||
| "alzCloudEnvironments": [ | ||
| "AzureCloud", | ||
| "AzureChinaCloud", | ||
| "AzureUSGovernment" | ||
| ], | ||
| "category": "Key Vault", | ||
| "source": "https://github.com/Azure/Enterprise-Scale/", | ||
| "version": "1.0.0" | ||
| }, | ||
| "mode": "Indexed", | ||
| "parameters": {}, | ||
| "policyRule": { | ||
| "if": { | ||
| "anyOf": [ | ||
| { | ||
| "allOf": [ | ||
| { | ||
| "equals": "Microsoft.KeyVault/vaults", | ||
| "field": "type" | ||
| }, | ||
| { | ||
| "field": "Microsoft.KeyVault/vaults/enableSoftDelete", | ||
| "notEquals": true | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "details": [ | ||
| { | ||
| "field": "Microsoft.KeyVault/vaults/enableSoftDelete", | ||
| "value": true | ||
| } | ||
| ], | ||
| "effect": "append" | ||
| } | ||
| }, | ||
| "policyType": "Custom" | ||
| }, | ||
| "type": "Microsoft.Authorization/policyDefinitions" | ||
| } |
61 changes: 61 additions & 0 deletions
61
platform/alz/policy_definitions/Append-Redis-disableNonSslPort.alz_policy_definition.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| { | ||
| "name": "Append-Redis-disableNonSslPort", | ||
| "properties": { | ||
| "description": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", | ||
| "displayName": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.", | ||
| "metadata": { | ||
| "alzCloudEnvironments": [ | ||
| "AzureCloud", | ||
| "AzureChinaCloud", | ||
| "AzureUSGovernment" | ||
| ], | ||
| "category": "Cache", | ||
| "source": "https://github.com/Azure/Enterprise-Scale/", | ||
| "version": "1.0.1" | ||
| }, | ||
| "mode": "Indexed", | ||
| "parameters": { | ||
| "effect": { | ||
| "allowedValues": [ | ||
| "Append", | ||
| "Disabled" | ||
| ], | ||
| "defaultValue": "Append", | ||
| "metadata": { | ||
| "description": "Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis", | ||
| "displayName": "Effect Azure Cache for Redis" | ||
| }, | ||
| "type": "String" | ||
| } | ||
| }, | ||
| "policyRule": { | ||
| "if": { | ||
| "allOf": [ | ||
| { | ||
| "equals": "Microsoft.Cache/redis", | ||
| "field": "type" | ||
| }, | ||
| { | ||
| "anyOf": [ | ||
| { | ||
| "equals": "true", | ||
| "field": "Microsoft.Cache/Redis/enableNonSslPort" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "details": [ | ||
| { | ||
| "field": "Microsoft.Cache/Redis/enableNonSslPort", | ||
| "value": false | ||
| } | ||
| ], | ||
| "effect": "[parameters('effect')]" | ||
| } | ||
| }, | ||
| "policyType": "Custom" | ||
| }, | ||
| "type": "Microsoft.Authorization/policyDefinitions" | ||
| } |
74 changes: 74 additions & 0 deletions
74
platform/alz/policy_definitions/Append-Redis-sslEnforcement.alz_policy_definition.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| { | ||
| "name": "Append-Redis-sslEnforcement", | ||
| "properties": { | ||
| "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.", | ||
| "displayName": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.", | ||
| "metadata": { | ||
| "alzCloudEnvironments": [ | ||
| "AzureCloud", | ||
| "AzureChinaCloud", | ||
| "AzureUSGovernment" | ||
| ], | ||
| "category": "Cache", | ||
| "source": "https://github.com/Azure/Enterprise-Scale/", | ||
| "version": "1.0.0" | ||
| }, | ||
| "mode": "Indexed", | ||
| "parameters": { | ||
| "effect": { | ||
| "allowedValues": [ | ||
| "Append", | ||
| "Disabled" | ||
| ], | ||
| "defaultValue": "Append", | ||
| "metadata": { | ||
| "description": "Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis", | ||
| "displayName": "Effect Azure Cache for Redis" | ||
| }, | ||
| "type": "String" | ||
| }, | ||
| "minimumTlsVersion": { | ||
| "allowedValues": [ | ||
| "1.2", | ||
| "1.1", | ||
| "1.0" | ||
| ], | ||
| "defaultValue": "1.2", | ||
| "metadata": { | ||
| "description": "Select version minimum TLS version Azure Cache for Redis to enforce", | ||
| "displayName": "Select version for Redis server" | ||
| }, | ||
| "type": "String" | ||
| } | ||
| }, | ||
| "policyRule": { | ||
| "if": { | ||
| "allOf": [ | ||
| { | ||
| "equals": "Microsoft.Cache/redis", | ||
| "field": "type" | ||
| }, | ||
| { | ||
| "anyOf": [ | ||
| { | ||
| "field": "Microsoft.Cache/Redis/minimumTlsVersion", | ||
| "notequals": "[parameters('minimumTlsVersion')]" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| "then": { | ||
| "details": [ | ||
| { | ||
| "field": "Microsoft.Cache/Redis/minimumTlsVersion", | ||
| "value": "[parameters('minimumTlsVersion')]" | ||
| } | ||
| ], | ||
| "effect": "[parameters('effect')]" | ||
| } | ||
| }, | ||
| "policyType": "Custom" | ||
| }, | ||
| "type": "Microsoft.Authorization/policyDefinitions" | ||
| } |
Oops, something went wrong.