Built-in Policy Release b01622f1

Azure · Oct 25, 2024 · 0de6165 · 0de6165
1 parent 99d9bcf
commit 0de6165
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 20 deletions.
diff --git a/...cies/policyDefinitions/Azure Government/Kubernetes/DisallowedBadPodDisruptionBudgets.json b/...cies/policyDefinitions/Azure Government/Kubernetes/DisallowedBadPodDisruptionBudgets.json
@@ -5,11 +5,11 @@
     "mode": "Microsoft.Kubernetes.Data",
     "description": "Prevents faulty Pod Disruption Budgets, ensuring a minimum number of operational pods. Refer to the official Kubernetes documentation for details. Relies on Gatekeeper data replication and syncs all ingress resources scoped to it into OPA. Before applying this policy, ensure that the synced ingress resources won't strain your memory capacity. Though parameters evaluate specific namespaces, all resources of that kind across namespaces will sync. Note: currently in preview for Kubernetes Service (AKS).",
     "metadata": {
-      "version": "1.1.0-preview",
+      "version": "1.2.0-preview",
       "category": "Kubernetes",
       "preview": true
     },
-    "version": "1.1.0-preview",
+    "version": "1.2.0-preview",
     "parameters": {
       "source": {
         "type": "String",
@@ -137,16 +137,12 @@
           "warn": "[parameters('warn')]",
           "templateInfo": {
             "sourceType": "PublicURL",
-            "url": "https://store.policy.azure.us/kubernetes/disallowed-bad-pod-disruption-budgets/v1/template.yaml"
+            "url": "https://store.policy.azure.us/kubernetes/disallowed-bad-pod-disruption-budgets/v2/template.yaml"
           },
           "apiGroups": [
-            "apps",
             "policy"
           ],
           "kinds": [
-            "Deployment",
-            "ReplicaSet",
-            "StatefulSet",
             "PodDisruptionBudget"
           ],
           "namespaces": "[parameters('namespaces')]",
@@ -156,6 +152,7 @@
       }
     },
     "versions": [
+      "1.2.0-PREVIEW",
       "1.1.0-PREVIEW",
       "1.0.1-PREVIEW",
       "1.0.0-PREVIEW"

diff --git a/built-in-policies/policyDefinitions/Kubernetes/DisallowedBadPodDisruptionBudgets.json b/built-in-policies/policyDefinitions/Kubernetes/DisallowedBadPodDisruptionBudgets.json
@@ -5,11 +5,11 @@
     "mode": "Microsoft.Kubernetes.Data",
     "description": "Prevents faulty Pod Disruption Budgets, ensuring a minimum number of operational pods. Refer to the official Kubernetes documentation for details. Relies on Gatekeeper data replication and syncs all ingress resources scoped to it into OPA. Before applying this policy, ensure that the synced ingress resources won't strain your memory capacity. Though parameters evaluate specific namespaces, all resources of that kind across namespaces will sync. Note: currently in preview for Kubernetes Service (AKS).",
     "metadata": {
-      "version": "1.2.0-preview",
+      "version": "1.3.0-preview",
       "category": "Kubernetes",
       "preview": true
     },
-    "version": "1.2.0-preview",
+    "version": "1.3.0-preview",
     "parameters": {
       "source": {
         "type": "String",
@@ -137,16 +137,12 @@
           "warn": "[parameters('warn')]",
           "templateInfo": {
             "sourceType": "PublicURL",
-            "url": "https://store.policy.core.windows.net/kubernetes/disallowed-bad-pod-disruption-budgets/v1/template.yaml"
+            "url": "https://store.policy.core.windows.net/kubernetes/disallowed-bad-pod-disruption-budgets/v2/template.yaml"
           },
           "apiGroups": [
-            "apps",
             "policy"
           ],
           "kinds": [
-            "Deployment",
-            "ReplicaSet",
-            "StatefulSet",
             "PodDisruptionBudget"
           ],
           "namespaces": "[parameters('namespaces')]",
@@ -156,6 +152,7 @@
       }
     },
     "versions": [
+      "1.3.0-PREVIEW",
       "1.2.0-PREVIEW",
       "1.1.1-PREVIEW",
       "1.1.0-PREVIEW",

diff --git a/...n-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogDisconnections_AINE.json b/...n-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogDisconnections_AINE.json
@@ -1,14 +1,14 @@
 {
   "properties": {
-    "displayName": "Disconnections should be logged for PostgreSQL flexible servers.",
+    "displayName": "Disconnections should be logged for PostgreSQL flexible servers",
     "policyType": "BuiltIn",
     "mode": "Indexed",
     "description": "This policy helps audit any PostgreSQL flexible servers in your environment without log_disconnections enabled.",
     "metadata": {
-      "version": "1.0.0",
+      "version": "1.0.1",
       "category": "PostgreSQL"
     },
-    "version": "1.0.0",
+    "version": "1.0.1",
     "parameters": {
       "effect": {
         "type": "string",
@@ -41,6 +41,7 @@
       }
     },
     "versions": [
+      "1.0.1",
       "1.0.0"
     ]
   },

diff --git a/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_MinTLS_AINE.json b/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_MinTLS_AINE.json
@@ -5,10 +5,10 @@
     "mode": "Indexed",
     "description": "This policy helps audit any PostgreSQL flexible servers in your environment which is running with TLS version less than 1.2.",
     "metadata": {
-      "version": "1.0.0",
+      "version": "1.1.0",
       "category": "PostgreSQL"
     },
-    "version": "1.0.0",
+    "version": "1.1.0",
     "parameters": {
       "effect": {
         "type": "string",
@@ -35,12 +35,16 @@
           "name": "ssl_min_protocol_version",
           "existenceCondition": {
             "field": "Microsoft.DBforPostgreSQL/flexibleServers/configurations/value",
-            "equals": "TLSv1.2"
+            "in": [
+              "TLSV1.2",
+              "TLSV1.3"
+            ]
           }
         }
       }
     },
     "versions": [
+      "1.1.0",
       "1.0.0"
     ]
   },