Change Policy from DINE to Modify (#418)
techlake authored Jan 24, 2024
1 parent 2684d4a commit 28a1af3
Showing 1 changed file with 26 additions and 76 deletions.
Expand Up @@ -6,22 +6,23 @@
"description": "This Policy will enable soft-delete and purge protection on all Key Vaults.",
"metadata": {
"category": "Key Vault",
"version": "1.0.0"
"version": "2.0.0"
},
"mode": "All",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "DeployIfNotExists, AuditIfNotExists or Disabled the execution of the Policy"
"description": "Modify, Deny, Audit, or Disabled"
},
"allowedValues": [
"DeployIfNotExists",
"AuditIfNotExists",
"Modify",
"Deny",
"Audit",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
"defaultValue": "Modify"
}
},
"policyRule": {
Expand All @@ -40,6 +41,14 @@
{
"field": "Microsoft.KeyVault/vaults/enablePurgeProtection",
"exists": "false"
},
{
"field": "Microsoft.KeyVault/vaults/enablePurgeProtection",
"equals": "false"
},
{
"field": "Microsoft.KeyVault/vaults/enableSoftDelete",
"equals": "false"
}
]
}
Expand All @@ -48,82 +57,23 @@
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.KeyVault/vaults",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.KeyVault/vaults/enablePurgeProtection",
"equals": "true"
},
{
"field": "Microsoft.KeyVault/vaults/enableSoftDelete",
"equals": "true"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyvaultName": {
"type": "string"
},
"location": {
"type": "string"
},
"sku": {
"type": "object"
},
"tenantId": {
"type": "string"
},
"accessPolicies": {
"type": "array"
}
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2018-02-14",
"name": "[parameters('keyVaultName')]",
"location": "[parameters('location')]",
"properties": {
"tenantId": "[parameters('tenantId')]",
"enableSoftDelete": true,
"enablePurgeProtection": true,
"sku": "[parameters('sku')]",
"accessPolicies": "[parameters('accessPolicies')]"
}
}
]
},
"parameters": {
"keyvaultName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
},
"sku": {
"value": "[field('Microsoft.KeyVault/vaults/sku')]"
},
"tenantId": {
"value": "[field('Microsoft.KeyVault/vaults/tenantId')]"
},
"accessPolicies": {
"value": "[field('Microsoft.KeyVault/vaults/accessPolicies')]"
}
}
"operations": [
{
"operation": "addOrReplace",
"field": "Microsoft.KeyVault/vaults/enableSoftDelete",
"value": true
},
{
"operation": "addOrReplace",
"field": "Microsoft.KeyVault/vaults/enablePurgeProtection",
"value": true
}
}
]
}
}
}
}
}
}
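Review bot: A Modify effect only works when `details` also carries `roleDefinitionIds` for the assignment's managed identity, and on this rendered page the only `roleDefinitionIds` entry (Key Vault Contributor, `f25e0fa2-…`) sits in the removed deployment block with nothing visible beside the new `operations` array; if it was dropped with the DINE template, remediation will fail at assignment, so keep `"roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395"],` above `"operations"`. The `addOrReplace` on `enablePurgeProtection` is a one-way change on the vault and Modify only fires on create/update requests or an explicit remediation task, so the description "This Policy will enable soft-delete and purge protection on all Key Vaults" should state that existing vaults need a remediation task and that purge protection cannot be disabled afterwards. Modify also requires the targeted aliases to be flagged modifiable; confirm `Microsoft.KeyVault/vaults/enableSoftDelete` and `Microsoft.KeyVault/vaults/enablePurgeProtection` are modifiable before relying on the new `Modify` default, since otherwise the assignment falls back to `conflictEffect` (deny by default) rather than fixing the vault.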
