Marvin Buss 2020-12-14 10:47:54 +01:00
Родитель ff9f9b4745
Коммит 2665b1bb35
4 изменённых файлов: 187 добавлений и 0 удалений


@ -0,0 +1,48 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"policyName": {
"value": "Deny-KeyVault-NetworkAclsBypass"
},
"policyDescription": {
"value": "Enforces bypass network level rules for key vault."
},
"policyMode": {
"value": "All"
},
"policyParameters": {
"value": {}
},
"policyDefinition": {
"value": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.KeyVault/vaults"
},
{
"field": "Microsoft.Keyvault/vaults/networkAcls.bypass",
"notIn": [
"None",
"AzureServices"
]
}
]
},
"then": {
"effect": "Deny"
}
}
},
"policyMetadata": {
"value": {
"version": "1.0.0",
"category": "Key Vault",
"preview": false,
"deprecated": false
}
}
}
}
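Review bot: The `notIn` list on `networkAcls.bypass` allows both `None` and `AzureServices`, which as far as I know are the only values this property accepts, so the rule does not restrict the bypass setting itself; it presumably matches only a vault where the property is missing or carries an unexpected value. If the intent is to stop trusted Azure services from bypassing the vault firewall, the condition would be `"notEquals": "None"`; if the intent is only to require an explicit value, the description should say so, e.g. `"Denies key vaults whose networkAcls.bypass is not None or AzureServices."`. The alias is spelled `Microsoft.Keyvault/...` here while the other three definitions in this commit use `Microsoft.KeyVault/...`; matching the casing keeps the set consistent. All four definitions hard-code `"effect": "Deny"` with an empty `policyParameters`, so none of them can be assigned in audit mode first; an `effect` parameter with allowed values `Audit`, `Deny` and `Disabled` would allow a staged rollout.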


@ -0,0 +1,45 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"policyName": {
"value": "Deny-KeyVault-NetworkAclsDefaultAction"
},
"policyDescription": {
"value": "Enforces default network acl level action for key vault."
},
"policyMode": {
"value": "All"
},
"policyParameters": {
"value": {}
},
"policyDefinition": {
"value": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.KeyVault/vaults"
},
{
"field": "Microsoft.KeyVault/vaults/networkAcls.defaultAction",
"notEquals": "Deny"
}
]
},
"then": {
"effect": "Deny"
}
}
},
"policyMetadata": {
"value": {
"version": "1.0.0",
"category": "Key Vault",
"preview": false,
"deprecated": false
}
}
}
}
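Review bot: The `policyDescription` does not say which value is required; `"Denies key vaults whose network ACL default action is not Deny."` would match the condition `"notEquals": "Deny"`. A `notEquals` condition presumably also matches when `networkAcls.defaultAction` is absent from the request, so a template that omits the `networkAcls` block would be denied as well. That is probably the intended outcome for a firewall-by-default policy, but it is worth stating in the description so the person who hits the deny knows to set the property explicitly.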


@ -0,0 +1,47 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"policyName": {
"value": "Deny-KeyVault-NetworkAclsIpRules"
},
"policyDescription": {
"value": "Enforces network ip rules for key vault."
},
"policyMode": {
"value": "All"
},
"policyParameters": {
"value": {}
},
"policyDefinition": {
"value": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.KeyVault/vaults"
},
{
"count": {
"field": "Microsoft.KeyVault/vaults/networkAcls.ipRules[*]"
},
"greater": 0
}
]
},
"then": {
"effect": "Deny"
}
}
},
"policyMetadata": {
"value": {
"version": "1.0.0",
"category": "Key Vault",
"preview": false,
"deprecated": false
}
}
}
}
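Review bot: The `policyDescription` says the policy "Enforces network ip rules", but the rule denies any vault with one or more entries in `networkAcls.ipRules[*]`, so it forbids IP rules rather than requiring them. Wording it like the virtual-network definition in this commit, `"Denies IP rules for key vault."`, would prevent an assignment made with the opposite expectation. With IP rules and virtual network rules both denied, access presumably has to come through private endpoints or the trusted-services bypass, which would be useful to mention in the description as well.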


@ -0,0 +1,47 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"policyName": {
"value": "Deny-KeyVault-NetworkAclsVirtualNetworkRules"
},
"policyDescription": {
"value": "Denies virtual network rules for key vault."
},
"policyMode": {
"value": "All"
},
"policyParameters": {
"value": {}
},
"policyDefinition": {
"value": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.KeyVault/vaults"
},
{
"count": {
"field": "Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*]"
},
"greater": 0
}
]
},
"then": {
"effect": "Deny"
}
}
},
"policyMetadata": {
"value": {
"version": "1.0.0",
"category": "Key Vault",
"preview": false,
"deprecated": false
}
}
}
}