From fbd8ff9796173c619af372577c4cefcdc13dbf3c Mon Sep 17 00:00:00 2001 From: Brunoga-MS Date: Thu, 4 Jul 2024 16:08:47 +0200 Subject: [PATCH] Ensuring alignment of effect allowed values in the initiative with the ones from the single policyDefinitions --- .../Enforce-Guardrails-KeyVault.json | 3 +++ .../Enforce-Guardrails-Kubernetes.json | 18 ++++++++++++++++++ .../Enforce-Guardrails-Network.json | 12 ++++++++---- .../Enforce-Guardrails-Synapse.json | 1 - 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json index 0ae85c071b..0f5889c710 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json @@ -236,8 +236,11 @@ "type": "string", "defaultValue": "Disabled", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Kubernetes.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Kubernetes.json index 508501d2e2..2f8f18358b 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Kubernetes.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Kubernetes.json @@ -81,8 +81,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -90,8 +93,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -99,8 +105,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -117,8 +126,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -126,8 +138,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, @@ -144,8 +159,11 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ + "audit", "Audit", + "deny", "Deny", + "disabled", "Disabled" ] }, diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json index a90c9872ab..bde3229a77 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json @@ -56,7 +56,12 @@ }, "vnetModifyDdos": { "type": "string", - "defaultValue": "Modify" + "defaultValue": "Modify", + "allowedValues": [ + "Audit", + "Modify", + "Disabled" + ] }, "ddosPlanResourceId": { "type": "string", @@ -229,9 +234,8 @@ "type": "string", "defaultValue": "Deny", "allowedValues": [ - "Audit", - "Deny", - "Disabled" + "Allow", + "Deny" ] }, "modifyNsgRuleProtocol": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Synapse.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Synapse.json index 7ba4b798e0..392e5d293f 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Synapse.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Synapse.json @@ -65,7 +65,6 @@ "defaultValue": "Audit", "allowedValues": [ "Audit", - "Deny", "Disabled" ] },