This repository has been archived by the owner on May 24, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 10
/
policydefinition-deny_postgresql_http.tf
85 lines (80 loc) · 2.31 KB
/
policydefinition-deny_postgresql_http.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# This file was auto generated
resource "azurerm_policy_definition" "deny_postgresql_http" {
name = "Deny-PostgreSql-http"
policy_type = "Custom"
mode = "All"
display_name = "PostgreSQL database servers enforce SSL connection."
description = "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
metadata = <<METADATA
{
"version": "1.0.1",
"category": "SQL"
}
METADATA
management_group_name = var.management_group_name
policy_rule = <<POLICYRULE
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.DBforPostgreSQL/servers"
},
{
"anyOf": [
{
"field": "Microsoft.DBforPostgreSQL/servers/sslEnforcement",
"exists": "false"
},
{
"field": "Microsoft.DBforPostgreSQL/servers/sslEnforcement",
"notEquals": "Enabled"
},
{
"field": "Microsoft.DBforPostgreSQL/servers/minimalTlsVersion",
"notequals": "[parameters('minimalTlsVersion')]"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
}
POLICYRULE
parameters = <<PARAMETERS
{
"effect": {
"type": "String",
"defaultValue": "Deny",
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
},
"minimalTlsVersion": {
"type": "String",
"defaultValue": "TLS1_2",
"allowedValues": [
"TLS1_2",
"TLS1_0",
"TLS1_1",
"TLSEnforcementDisabled"
],
"metadata": {
"displayName": "Select version minimum TLS for MySQL server",
"description": "Select version minimum TLS version Azure Database for MySQL server to enforce"
}
}
}
PARAMETERS
}
output "policydefinition_deny_postgresql_http" {
value = azurerm_policy_definition.deny_postgresql_http
}