feat: update library (automated)

platform/alz/policy_definitions/Append-AppService-httpsonly.alz_policy_definition.json

@@ -0,0 +1,57 @@
+{
+  "name": "Append-AppService-httpsonly",
+  "properties": {
+    "description": "Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.",
+    "displayName": "AppService append enable https only setting to enforce https setting.",
+    "metadata": {
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ],
+      "category": "App Service",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "version": "1.0.0"
+    },
+    "mode": "All",
+    "parameters": {
+      "effect": {
+        "allowedValues": [
+          "Append",
+          "Disabled"
+        ],
+        "defaultValue": "Append",
+        "metadata": {
+          "description": "Enable or disable the execution of the policy",
+          "displayName": "Effect"
+        },
+        "type": "String"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "equals": "Microsoft.Web/sites",
+            "field": "type"
+          },
+          {
+            "field": "Microsoft.Web/sites/httpsOnly",
+            "notequals": true
+          }
+        ]
+      },
+      "then": {
+        "details": [
+          {
+            "field": "Microsoft.Web/sites/httpsOnly",
+            "value": true
+          }
+        ],
+        "effect": "[parameters('effect')]"
+      }
+    },
+    "policyType": "Custom"
+  },
+  "type": "Microsoft.Authorization/policyDefinitions"
+}

platform/alz/policy_definitions/Append-AppService-latestTLS.alz_policy_definition.json

@@ -0,0 +1,70 @@
+{
+  "name": "Append-AppService-latestTLS",
+  "properties": {
+    "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.",
+    "displayName": "AppService append sites with minimum TLS version to enforce.",
+    "metadata": {
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ],
+      "category": "App Service",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "version": "1.1.0"
+    },
+    "mode": "All",
+    "parameters": {
+      "effect": {
+        "allowedValues": [
+          "Append",
+          "Disabled"
+        ],
+        "defaultValue": "Append",
+        "metadata": {
+          "description": "Enable or disable the execution of the policy",
+          "displayName": "Effect"
+        },
+        "type": "String"
+      },
+      "minTlsVersion": {
+        "allowedValues": [
+          "1.2",
+          "1.0",
+          "1.1"
+        ],
+        "defaultValue": "1.2",
+        "metadata": {
+          "description": "Select version  minimum TLS version for a  Web App config to enforce",
+          "displayName": "Select version minimum TLS Web App config"
+        },
+        "type": "String"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "exists": "true",
+            "field": "Microsoft.Web/sites/config/minTlsVersion"
+          },
+          {
+            "field": "Microsoft.Web/sites/config/minTlsVersion",
+            "notEquals": "[parameters('minTlsVersion')]"
+          }
+        ]
+      },
+      "then": {
+        "details": [
+          {
+            "field": "Microsoft.Web/sites/config/minTlsVersion",
+            "value": "[parameters('minTlsVersion')]"
+          }
+        ],
+        "effect": "[parameters('effect')]"
+      }
+    },
+    "policyType": "Custom"
+  },
+  "type": "Microsoft.Authorization/policyDefinitions"
+}

platform/alz/policy_definitions/Append-KV-SoftDelete.alz_policy_definition.json

@@ -0,0 +1,48 @@
+{
+  "name": "Append-KV-SoftDelete",
+  "properties": {
+    "description": "This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added.",
+    "displayName": "KeyVault SoftDelete should be enabled",
+    "metadata": {
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ],
+      "category": "Key Vault",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "version": "1.0.0"
+    },
+    "mode": "Indexed",
+    "parameters": {},
+    "policyRule": {
+      "if": {
+        "anyOf": [
+          {
+            "allOf": [
+              {
+                "equals": "Microsoft.KeyVault/vaults",
+                "field": "type"
+              },
+              {
+                "field": "Microsoft.KeyVault/vaults/enableSoftDelete",
+                "notEquals": true
+              }
+            ]
+          }
+        ]
+      },
+      "then": {
+        "details": [
+          {
+            "field": "Microsoft.KeyVault/vaults/enableSoftDelete",
+            "value": true
+          }
+        ],
+        "effect": "append"
+      }
+    },
+    "policyType": "Custom"
+  },
+  "type": "Microsoft.Authorization/policyDefinitions"
+}

platform/alz/policy_definitions/Append-Redis-disableNonSslPort.alz_policy_definition.json

@@ -0,0 +1,61 @@
+{
+  "name": "Append-Redis-disableNonSslPort",
+  "properties": {
+    "description": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
+    "displayName": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.",
+    "metadata": {
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ],
+      "category": "Cache",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "version": "1.0.1"
+    },
+    "mode": "Indexed",
+    "parameters": {
+      "effect": {
+        "allowedValues": [
+          "Append",
+          "Disabled"
+        ],
+        "defaultValue": "Append",
+        "metadata": {
+          "description": "Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis",
+          "displayName": "Effect Azure Cache for Redis"
+        },
+        "type": "String"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "equals": "Microsoft.Cache/redis",
+            "field": "type"
+          },
+          {
+            "anyOf": [
+              {
+                "equals": "true",
+                "field": "Microsoft.Cache/Redis/enableNonSslPort"
+              }
+            ]
+          }
+        ]
+      },
+      "then": {
+        "details": [
+          {
+            "field": "Microsoft.Cache/Redis/enableNonSslPort",
+            "value": false
+          }
+        ],
+        "effect": "[parameters('effect')]"
+      }
+    },
+    "policyType": "Custom"
+  },
+  "type": "Microsoft.Authorization/policyDefinitions"
+}

platform/alz/policy_definitions/Append-Redis-sslEnforcement.alz_policy_definition.json

@@ -0,0 +1,74 @@
+{
+  "name": "Append-Redis-sslEnforcement",
+  "properties": {
+    "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
+    "displayName": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.",
+    "metadata": {
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ],
+      "category": "Cache",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "version": "1.0.0"
+    },
+    "mode": "Indexed",
+    "parameters": {
+      "effect": {
+        "allowedValues": [
+          "Append",
+          "Disabled"
+        ],
+        "defaultValue": "Append",
+        "metadata": {
+          "description": "Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis",
+          "displayName": "Effect Azure Cache for Redis"
+        },
+        "type": "String"
+      },
+      "minimumTlsVersion": {
+        "allowedValues": [
+          "1.2",
+          "1.1",
+          "1.0"
+        ],
+        "defaultValue": "1.2",
+        "metadata": {
+          "description": "Select version minimum TLS version Azure Cache for Redis to enforce",
+          "displayName": "Select version for Redis server"
+        },
+        "type": "String"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "equals": "Microsoft.Cache/redis",
+            "field": "type"
+          },
+          {
+            "anyOf": [
+              {
+                "field": "Microsoft.Cache/Redis/minimumTlsVersion",
+                "notequals": "[parameters('minimumTlsVersion')]"
+              }
+            ]
+          }
+        ]
+      },
+      "then": {
+        "details": [
+          {
+            "field": "Microsoft.Cache/Redis/minimumTlsVersion",
+            "value": "[parameters('minimumTlsVersion')]"
+          }
+        ],
+        "effect": "[parameters('effect')]"
+      }
+    },
+    "policyType": "Custom"
+  },
+  "type": "Microsoft.Authorization/policyDefinitions"
+}