From 1babd7c751fcf4b45d0a7b7ef062b01a7bdeec12 Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 19 Aug 2024 08:01:19 +0000 Subject: [PATCH] Update Library Templates (automated) --- ...tion_es_deploy_private_dns_zones.tmpl.json | 6 +++--- ...set_definition_es_enforce_backup.tmpl.json | 2 +- ...n_es_enforce_guardrails_keyvault.tmpl.json | 5 ++++- ...es_enforce_guardrails_kubernetes.tmpl.json | 20 ++++++++++++++++++- ...on_es_enforce_guardrails_network.tmpl.json | 14 ++++++++----- ...on_es_enforce_guardrails_synapse.tmpl.json | 3 +-- 6 files changed, 37 insertions(+), 13 deletions(-) diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json index 97f15044f..27be37895 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json @@ -1430,13 +1430,13 @@ "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Arc", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9", "parameters": { - "privateDnsZoneIdForGuestConfiguration": { + "privateDnsZoneIDForGuestConfiguration": { "value": "[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]" }, - "privateDnsZoneIdForHybridResourceProvider": { + "privateDnsZoneIDForHybridResourceProvider": { "value": "[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]" }, - "privateDnsZoneIdForKubernetesConfiguration": { + "privateDnsZoneIDForKubernetesConfiguration": { "value": "[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]" }, "effect": { diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_backup.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_backup.tmpl.json index 30de60651..9c1c69e4c 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_backup.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_backup.tmpl.json @@ -63,7 +63,7 @@ "effect": { "value": "[parameters('effect')]" }, - "CheckLockedImmutabiltyOnly": { + "checkLockedImmutabiltyOnly": { "value": "[parameters('checkLockedImmutabilityOnly')]" } }, diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_keyvault.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_keyvault.tmpl.json index 1663c22df..c46d2cc28 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_keyvault.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_keyvault.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Enforce recommended guardrails for Azure Key Vault", "description": "Enforce recommended guardrails for Azure Key Vault.", "metadata": { - "version": "2.0.0", + "version": "2.1.0", "category": "Key Vault", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -236,8 +236,11 @@ "type": "string", "defaultValue": "Disabled", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_kubernetes.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_kubernetes.tmpl.json index 44ac2927e..85c57faf1 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_kubernetes.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_kubernetes.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Enforce recommended guardrails for Kubernetes", "description": "This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Kubernetes", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -81,8 +81,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -90,8 +93,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -99,8 +105,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -117,8 +126,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -126,8 +138,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -144,8 +159,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_network.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_network.tmpl.json index 4de2ce7f4..28a05525f 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_network.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_network.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Enforce recommended guardrails for Network and Networking services", "description": "This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -56,7 +56,12 @@ }, "vnetModifyDdos": { "type": "string", - "defaultValue": "Modify" + "defaultValue": "Modify", + "allowedValues": [ + "Audit", + "Modify", + "Disabled" + ] }, "ddosPlanResourceId": { "type": "string", @@ -229,9 +234,8 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ - "Audit", - "Deny", - "Disabled" + "Allow", + "Deny" ] }, "modifyNsgRuleProtocol": { diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_synapse.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_synapse.tmpl.json index 96b0213ea..011c041ca 100644 --- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_synapse.tmpl.json +++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_synapse.tmpl.json @@ -8,7 +8,7 @@ "displayName": "Enforce recommended guardrails for Synapse workspaces", "description": "This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Synapse", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -65,7 +65,6 @@ "defaultValue": "Audit", "allowedValues": [ "Audit", - "Deny", "Disabled" ] },