Skip to content

Commit 792a9b2

Browse files
pilorAzure Policy Bot
pilor
and
Azure Policy Bot
authored
Built-in Policy Release cbf95f4c (Azure#1251)
Co-authored-by: Azure Policy Bot <azgovpolicy@microsoft.com>
1 parent f3ebdd2 commit 792a9b2

33 files changed

+220
-161
lines changed

‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json‎ renamed to ‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/CannotEditIndividualNodes.json‎

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,11 @@
55
"mode": "Microsoft.Kubernetes.Data",
66
"description": "Cannot Edit Individual Nodes. Users should not edit individual nodes. Please edit node pools.",
77
"metadata": {
8-
"version": "1.0.1-preview",
8+
"version": "1.0.2-preview",
99
"category": "Kubernetes",
1010
"preview": true
1111
},
12-
"version": "1.0.1-preview",
12+
"version": "1.0.2-preview",
1313
"parameters": {
1414
"effect": {
1515
"type": "String",
@@ -107,14 +107,14 @@
107107
"type": "Array",
108108
"metadata": {
109109
"displayName": "Allowed Users",
110-
"description": "Users that are allowed by AKS Guardrails to modify node labels on individual nodes."
110+
"description": "Users that are allowed by AKS Safeguards to modify node labels on individual nodes."
111111
}
112112
},
113113
"allowedGroups": {
114114
"type": "Array",
115115
"metadata": {
116116
"displayName": "Allowed Groups",
117-
"description": "Groups that are allowed by AKS Guardrails to modify node labels on individual nodes."
117+
"description": "Groups that are allowed by AKS Safeguards to modify node labels on individual nodes."
118118
}
119119
}
120120
},

‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsMustHaveAntiAffinityRulesSet.json‎ renamed to ‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/MustHaveAntiAffinityRulesSet.json‎

File renamed without changes.

‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsNoAKSSpecificLabels.json‎ renamed to ‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/NoAKSSpecificLabels.json‎

File renamed without changes.

‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsReservedSystemPoolTaints.json‎ renamed to ‎built-in-policies/policyDefinitions/Azure Government/Kubernetes/ReservedSystemPoolTaints.json‎

File renamed without changes.

‎built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json‎ renamed to ‎built-in-policies/policyDefinitions/Kubernetes/CannotEditIndividualNodes.json‎

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,11 @@
55
"mode": "Microsoft.Kubernetes.Data",
66
"description": "Cannot Edit Individual Nodes. Users should not edit individual nodes. Please edit node pools.",
77
"metadata": {
8-
"version": "1.0.1-preview",
8+
"version": "1.0.2-preview",
99
"category": "Kubernetes",
1010
"preview": true
1111
},
12-
"version": "1.0.1-preview",
12+
"version": "1.0.2-preview",
1313
"parameters": {
1414
"effect": {
1515
"type": "String",
@@ -107,14 +107,14 @@
107107
"type": "Array",
108108
"metadata": {
109109
"displayName": "Allowed Users",
110-
"description": "Users that are allowed by AKS Guardrails to modify node labels on individual nodes."
110+
"description": "Users that are allowed by AKS Safeguards to modify node labels on individual nodes."
111111
}
112112
},
113113
"allowedGroups": {
114114
"type": "Array",
115115
"metadata": {
116116
"displayName": "Allowed Groups",
117-
"description": "Groups that are allowed by AKS Guardrails to modify node labels on individual nodes."
117+
"description": "Groups that are allowed by AKS Safeguards to modify node labels on individual nodes."
118118
}
119119
}
120120
},

‎built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsMustHaveAntiAffinityRulesSet.json‎ renamed to ‎built-in-policies/policyDefinitions/Kubernetes/MustHaveAntiAffinityRulesSet.json‎

File renamed without changes.

‎built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsNoAKSSpecificLabels.json‎ renamed to ‎built-in-policies/policyDefinitions/Kubernetes/NoAKSSpecificLabels.json‎

File renamed without changes.

‎built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsReservedSystemPoolTaints.json‎ renamed to ‎built-in-policies/policyDefinitions/Kubernetes/ReservedSystemPoolTaints.json‎

File renamed without changes.

‎built-in-policies/policyDefinitions/Security Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json‎

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,19 @@
11
{
22
"properties": {
3-
"displayName": "Microsoft Defender for Storage (Classic) should be enabled",
3+
"displayName": "[Deprecated]: Microsoft Defender for Storage (Classic) should be enabled",
44
"policyType": "BuiltIn",
55
"mode": "All",
66
"description": "Microsoft Defender for Storage (Classic) provides detections of unusual and potentially harmful attempts to access or exploit storage accounts.",
77
"metadata": {
8-
"version": "1.0.4",
9-
"category": "Security Center"
8+
"version": "1.1.0-deprecated",
9+
"category": "Security Center",
10+
"deprecated": true
1011
},
11-
"version": "1.0.4",
12+
"version": "1.1.0",
1213
"parameters": {
1314
"effect": {
1415
"type": "string",
15-
"defaultValue": "AuditIfNotExists",
16+
"defaultValue": "Disabled",
1617
"allowedValues": [
1718
"AuditIfNotExists",
1819
"Disabled"

‎built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Guardrails.json‎ renamed to ‎built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Safeguards.json‎

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11
{
22
"properties": {
3-
"displayName": "[Preview]: AKS Guardrails should help guide developers towards AKS recommended best practices",
3+
"displayName": "[Preview]: AKS Safeguards should help guide developers towards AKS recommended best practices",
44
"policyType": "BuiltIn",
5-
"description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Guardrails to assign this policy initiative: https://aka.ms/aks/guardrails.",
5+
"description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Deployment Safeguards to assign this policy initiative: https://aka.ms/aks/safeguards. Azure Policy Add-On for AKS is a pre-requisite for applying these best practices to your clusters. For instructions on enabling the Azure Policy Add-On, go to aka.ms/akspolicydoc",
66
"metadata": {
7-
"version": "1.3.1-preview",
7+
"version": "1.3.2-preview",
88
"category": "Kubernetes",
99
"preview": true
1010
},
11-
"version": "1.3.1-preview",
11+
"version": "1.3.2-preview",
1212
"parameters": {
1313
"effect": {
1414
"type": "String",
@@ -39,14 +39,14 @@
3939
"type": "Array",
4040
"metadata": {
4141
"displayName": "Allowed Users",
42-
"description": "Users that are allowed by AKS Guardrails to make changes on kubernetes object."
42+
"description": "Users that are allowed by AKS Safeguards to make changes on kubernetes object."
4343
}
4444
},
4545
"allowedGroups": {
4646
"type": "Array",
4747
"metadata": {
4848
"displayName": "Allowed Groups",
49-
"description": "Groups that are allowed by AKS Guardrails to make changes on kubernetes object."
49+
"description": "Groups that are allowed by AKS Safeguards to make changes on kubernetes object."
5050
}
5151
},
5252
"cpuLimit": {

0 commit comments

Comments
 (0)