-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Spring_VNETEnabled_Audit.json
69 lines (69 loc) · 2.09 KB
/
Spring_VNETEnabled_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
{
"properties": {
"displayName": "Azure Spring Cloud should use network injection",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Azure Spring Cloud instances should use virtual network injection for the following purposes: 1. Isolate Azure Spring Cloud from Internet. 2. Enable Azure Spring Cloud to interact with systems in either on premises data centers or Azure service in other virtual networks. 3. Empower customers to control inbound and outbound network communications for Azure Spring Cloud.",
"metadata": {
"version": "1.2.0",
"category": "App Platform"
},
"version": "1.2.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"defaultValue": "Audit"
},
"evaluatedSkuNames": {
"type": "Array",
"metadata": {
"displayName": "Azure Spring Cloud SKU Names",
"description": "List of Azure Spring Cloud SKUs against which this policy will be evaluated."
},
"allowedValues": [
"Standard",
"Enterprise"
],
"defaultValue": [
"Standard",
"Enterprise"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.AppPlatform/Spring"
},
{
"field": "Microsoft.AppPlatform/Spring/sku.tier",
"in": "[parameters('evaluatedSkuNames')]"
},
{
"field": "Microsoft.AppPlatform/Spring/networkProfile.serviceRuntimeSubnetId",
"exists": false
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.2.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4",
"name": "af35e2a4-ef96-44e7-a9ae-853dd97032c4"
}