From 0de616555aae97c9c1bef104579ef70b479c2e31 Mon Sep 17 00:00:00 2001
From: Azure Policy Bot
Date: Fri, 25 Oct 2024 16:52:56 +0000
Subject: [PATCH] Built-in Policy Release b01622f1
---
 .../Kubernetes/DisallowedBadPodDisruptionBudgets.json | 11 ++++-------
 .../Kubernetes/DisallowedBadPodDisruptionBudgets.json | 11 ++++-------
 .../FlexibleServers_EnableLogDisconnections_AINE.json | 7 ++++---
 .../PostgreSQL/FlexibleServers_MinTLS_AINE.json | 10 +++++++---
 4 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/DisallowedBadPodDisruptionBudgets.json b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/DisallowedBadPodDisruptionBudgets.json
index 809806812..2a744bf12 100644
--- a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/DisallowedBadPodDisruptionBudgets.json
+++ b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/DisallowedBadPodDisruptionBudgets.json
@@ -5,11 +5,11 @@
 "mode": "Microsoft.Kubernetes.Data",
 "description": "Prevents faulty Pod Disruption Budgets, ensuring a minimum number of operational pods. Refer to the official Kubernetes documentation for details. Relies on Gatekeeper data replication and syncs all ingress resources scoped to it into OPA. Before applying this policy, ensure that the synced ingress resources won't strain your memory capacity. Though parameters evaluate specific namespaces, all resources of that kind across namespaces will sync. Note: currently in preview for Kubernetes Service (AKS).",
 "metadata": {
- "version": "1.1.0-preview",
+ "version": "1.2.0-preview",
 "category": "Kubernetes",
 "preview": true
 },
- "version": "1.1.0-preview",
+ "version": "1.2.0-preview",
 "parameters": {
 "source": {
 "type": "String",
@@ -137,16 +137,12 @@
 "warn": "[parameters('warn')]",
 "templateInfo": {
 "sourceType": "PublicURL",
- "url": "https://store.policy.azure.us/kubernetes/disallowed-bad-pod-disruption-budgets/v1/template.yaml"
+ "url": "https://store.policy.azure.us/kubernetes/disallowed-bad-pod-disruption-budgets/v2/template.yaml"
 },
 "apiGroups": [
- "apps",
 "policy"
 ],
 "kinds": [
- "Deployment",
- "ReplicaSet",
- "StatefulSet",
 "PodDisruptionBudget"
 ],
 "namespaces": "[parameters('namespaces')]",
@@ -156,6 +152,7 @@
 }
 },
 "versions": [
+ "1.2.0-PREVIEW",
 "1.1.0-PREVIEW",
 "1.0.1-PREVIEW",
 "1.0.0-PREVIEW"
diff --git a/built-in-policies/policyDefinitions/Kubernetes/DisallowedBadPodDisruptionBudgets.json b/built-in-policies/policyDefinitions/Kubernetes/DisallowedBadPodDisruptionBudgets.json
index 49b493687..56ce21977 100644
--- a/built-in-policies/policyDefinitions/Kubernetes/DisallowedBadPodDisruptionBudgets.json
+++ b/built-in-policies/policyDefinitions/Kubernetes/DisallowedBadPodDisruptionBudgets.json
@@ -5,11 +5,11 @@
 "mode": "Microsoft.Kubernetes.Data",
 "description": "Prevents faulty Pod Disruption Budgets, ensuring a minimum number of operational pods. Refer to the official Kubernetes documentation for details. Relies on Gatekeeper data replication and syncs all ingress resources scoped to it into OPA. Before applying this policy, ensure that the synced ingress resources won't strain your memory capacity. Though parameters evaluate specific namespaces, all resources of that kind across namespaces will sync. Note: currently in preview for Kubernetes Service (AKS).",
 "metadata": {
- "version": "1.2.0-preview",
+ "version": "1.3.0-preview",
 "category": "Kubernetes",
 "preview": true
 },
- "version": "1.2.0-preview",
+ "version": "1.3.0-preview",
 "parameters": {
 "source": {
 "type": "String",
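Review bot: The match scope in this hunk drops `apps` and the `Deployment`, `ReplicaSet` and `StatefulSet` kinds, but the `description` in the file's first hunk is left as it was and still speaks of syncing "ingress resources" into OPA. With only `PodDisruptionBudget` matched, a budget is presumably evaluated only when the PDB object itself is admitted or audited, so a later replica change on a workload that makes an existing budget faulty may go unflagged; whether the v2 template covers that is not visible here. I would reword the description to name the kinds that are really replicated, for example `syncs all resources of the kinds the template reads into OPA` in place of `syncs all ingress resources scoped to it into OPA`, and mention the narrowed scope. The same point applies to the identical hunk in `policyDefinitions/Kubernetes/DisallowedBadPodDisruptionBudgets.json`. The object holding `templateInfo`, `apiGroups` and `kinds` starts and ends outside the hunk.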
@@ -137,16 +137,12 @@
 "warn": "[parameters('warn')]",
 "templateInfo": {
 "sourceType": "PublicURL",
- "url": "https://store.policy.core.windows.net/kubernetes/disallowed-bad-pod-disruption-budgets/v1/template.yaml"
+ "url": "https://store.policy.core.windows.net/kubernetes/disallowed-bad-pod-disruption-budgets/v2/template.yaml"
 },
 "apiGroups": [
- "apps",
 "policy"
 ],
 "kinds": [
- "Deployment",
- "ReplicaSet",
- "StatefulSet",
 "PodDisruptionBudget"
 ],
 "namespaces": "[parameters('namespaces')]",
@@ -156,6 +152,7 @@
 }
 },
 "versions": [
+ "1.3.0-PREVIEW",
 "1.2.0-PREVIEW",
 "1.1.1-PREVIEW",
 "1.1.0-PREVIEW",
diff --git a/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogDisconnections_AINE.json b/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogDisconnections_AINE.json
index a6302fb34..c3426a6dc 100644
--- a/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogDisconnections_AINE.json
+++ b/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogDisconnections_AINE.json
@@ -1,14 +1,14 @@
 {
 "properties": {
- "displayName": "Disconnections should be logged for PostgreSQL flexible servers.",
+ "displayName": "Disconnections should be logged for PostgreSQL flexible servers",
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "This policy helps audit any PostgreSQL flexible servers in your environment without log_disconnections enabled.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.0.1",
 "category": "PostgreSQL"
 },
- "version": "1.0.0",
+ "version": "1.0.1",
 "parameters": {
 "effect": {
 "type": "string",
@@ -41,6 +41,7 @@
 }
 },
 "versions": [
+ "1.0.1",
 "1.0.0"
 ]
 },
diff --git a/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_MinTLS_AINE.json b/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_MinTLS_AINE.json
index 677884830..77e998c8e 100644
--- a/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_MinTLS_AINE.json
+++ b/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_MinTLS_AINE.json
@@ -5,10 +5,10 @@
 "mode": "Indexed",
 "description": "This policy helps audit any PostgreSQL flexible servers in your environment which is running with TLS version less than 1.2.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
 "category": "PostgreSQL"
 },
- "version": "1.0.0",
+ "version": "1.1.0",
 "parameters": {
 "effect": {
 "type": "string",
@@ -35,12 +35,16 @@
 "name": "ssl_min_protocol_version",
 "existenceCondition": {
 "field": "Microsoft.DBforPostgreSQL/flexibleServers/configurations/value",
- "equals": "TLSv1.2"
+ "in": [
+ "TLSV1.2",
+ "TLSV1.3"
+ ]
 }
 }
 }
 },
 "versions": [
+ "1.1.0",
 "1.0.0"
 ]
 },
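Review bot: The new `in` list under `existenceCondition` spells its values `TLSV1.2` and `TLSV1.3`, while the line it replaces used `TLSv1.2`. Azure Policy's `equals` and `in` conditions compare strings case-insensitively as far as I know, so the audit should still match a server set to `TLSv1.2`, but that rests on the comparison rule rather than on the value itself and makes the definition harder to search for. I would keep the earlier casing, `"TLSv1.2",` and `"TLSv1.3"`. The policy rule that contains this `existenceCondition` starts outside the hunk.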