Update Azure Policy api-version to 2024-05-01 (#29790)
* Copied from the previous api-version

* Add the new override kind

* update sdk-suppressions.yaml

* Address linter rules

* Address lint error

---------

Co-authored-by: Alancere <804873052@qq.com>
robga and Alancere authored Aug 1, 2024
1 parent bafeeaa commit 8ad81f2
Showing 84 changed files with 10,151 additions and 17 deletions.
@@ -0,0 +1,120 @@
{
"swagger": "2.0",
"info": {
"title": "PolicyClient",
"version": "v2"
},
"paths": {},
"definitions": {
"Selector": {
"description": "The selector expression.",
"type": "object",
"properties": {
"kind": {
"type": "string",
"description": "The selector kind.",
"enum": [
"resourceLocation",
"resourceType",
"resourceWithoutLocation",
"policyDefinitionReferenceId"
],
"x-ms-enum": {
"name": "SelectorKind",
"modelAsString": true,
"values": [
{
"value": "resourceLocation",
"description": "The selector kind to filter policies by the resource location."
},
{
"value": "resourceType",
"description": "The selector kind to filter policies by the resource type."
},
{
"value": "resourceWithoutLocation",
"description": "The selector kind to filter policies by the resource without location."
},
{
"value": "policyDefinitionReferenceId",
"description": "The selector kind to filter policies by the policy definition reference ID."
}
]
}
},
"in": {
"type": "array",
"items": {
"type": "string"
},
"description": "The list of values to filter in."
},
"notIn": {
"type": "array",
"items": {
"type": "string"
},
"description": "The list of values to filter out."
}
}
},
"ResourceSelector": {
"description": "The resource selector to filter policies by resource properties.",
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "The name of the resource selector."
},
"selectors": {
"type": "array",
"items": {
"$ref": "#/definitions/Selector"
},
"x-ms-identifiers": [],
"description": "The list of the selector expressions."
}
}
},
"Override": {
"description": "The policy property value override.",
"type": "object",
"properties": {
"kind": {
"type": "string",
"description": "The override kind.",
"enum": [
"policyEffect",
"definitionVersion"
],
"x-ms-enum": {
"name": "OverrideKind",
"modelAsString": true,
"values": [
{
"value": "policyEffect",
"description": "It will override the policy effect type."
},
{
"value": "definitionVersion",
"description": "It will override the definition version property value of the policy assignment."
}
]
}
},
"value": {
"type": "string",
"description": "The value to override the policy property."
},
"selectors": {
"type": "array",
"items": {
"$ref": "#/definitions/Selector"
},
"x-ms-identifiers": [],
"description": "The list of the selector expressions."
}
}
}
}
}
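Review bot: The `Override` definition documents `value` only as "The value to override the policy property.", so with the new `definitionVersion` kind a reader cannot tell what string is expected for each kind. Because an override changes how an assignment is enforced for the selected resources, the description should state the per-kind contract, for example `"description": "The value to override the policy property. For policyEffect this is the effect to apply; for definitionVersion this is the policy definition version to use."` (wording to be confirmed against the service behaviour). None of `Selector`, `ResourceSelector` or `Override` declares a `required` list, and `Selector` does not say whether `in` and `notIn` may be set together; if the service rejects those shapes, saying so in the descriptions would keep generated SDKs from accepting them silently.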
@@ -0,0 +1,95 @@
{
"parameters": {
"subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"policyDefinitionName": "ResourceNaming",
"api-version": "2024-05-01",
"parameters": {
"properties": {
"mode": "All",
"displayName": "Enforce resource naming convention",
"description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
"metadata": {
"category": "Naming"
},
"policyRule": {
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
}
},
"then": {
"effect": "deny"
}
},
"parameters": {
"prefix": {
"type": "String",
"metadata": {
"displayName": "Prefix",
"description": "Resource name prefix"
}
},
"suffix": {
"type": "String",
"metadata": {
"displayName": "Suffix",
"description": "Resource name suffix"
}
}
}
}
}
},
"responses": {
"201": {
"headers": {},
"body": {
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "ResourceNaming",
"properties": {
"mode": "All",
"displayName": "Naming Convention",
"description": "Force resource names to begin with 'prefix' and end with 'suffix'",
"metadata": {
"category": "Naming"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyRule": {
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
}
},
"then": {
"effect": "deny"
}
},
"parameters": {
"prefix": {
"type": "String",
"metadata": {
"displayName": "Prefix",
"description": "Resource name prefix"
}
},
"suffix": {
"type": "String",
"metadata": {
"displayName": "Suffix",
"description": "Resource name suffix"
}
}
},
"policyType": "Custom"
}
}
}
}
}
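Review bot: The 201 body does not match the request it answers: the request sets `displayName` to "Enforce resource naming convention" and a description ending in "given 'prefix' and/or end with given 'suffix'", while the response returns "Naming Convention" and a different description. The response also reports `"version": "1.2.1"` with a `versions` list that includes `1.0.0`, although the request supplies no version, which looks inconsistent for a response to this request. Examples feed generated documentation and SDK tests, so the response should echo the request values, e.g. `"displayName": "Enforce resource naming convention"`, and show a version consistent with what the request sets.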
@@ -0,0 +1,122 @@
{
"parameters": {
"subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"policyDefinitionName": "EventHubDiagnosticLogs",
"api-version": "2024-05-01",
"parameters": {
"properties": {
"mode": "Indexed",
"displayName": "Event Hubs should have diagnostic logging enabled",
"description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
"metadata": {
"category": "Event Hub"
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.EventHub/namespaces"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
"equals": "[parameters('requiredRetentionDays')]"
}
]
}
}
}
},
"parameters": {
"requiredRetentionDays": {
"type": "Integer",
"defaultValue": 365,
"allowedValues": [
0,
30,
90,
180,
365
],
"metadata": {
"displayName": "Required retention (days)",
"description": "The required diagnostic logs retention in days"
}
}
}
}
}
},
"responses": {
"201": {
"headers": {},
"body": {
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "ResourceNaming",
"properties": {
"mode": "Indexed",
"displayName": "Event Hubs should have diagnostic logging enabled",
"description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
"metadata": {
"category": "Event Hub"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.EventHub/namespaces"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
"equals": "[parameters('requiredRetentionDays')]"
}
]
}
}
}
},
"parameters": {
"requiredRetentionDays": {
"type": "Integer",
"defaultValue": 365,
"allowedValues": [
0,
30,
90,
180,
365
],
"metadata": {
"displayName": "Required retention (days)",
"description": "The required diagnostic logs retention in days"
}
}
}
}
}
}
}
}
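Review bot: The 201 body identifies the wrong resource: the request creates `policyDefinitionName` "EventHubDiagnosticLogs", but `id` ends in `/policyDefinitions/ResourceNaming` and `name` is "ResourceNaming", which looks carried over from the naming-convention example. They should read `"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/EventHubDiagnosticLogs"` and `"name": "EventHubDiagnosticLogs"`. Separately, `requiredRetentionDays` allows `0` while the description promises retention "up to a year"; since this rule is likely to be copied as an audit-logging baseline, the parameter description should say what 0 means for the retention setting.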