[New] Container Registries enable retention policy (#355)
1 parent
2af83f3
commit fed7fab
Showing
3 changed files
with
83 additions
and
0 deletions.
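--- a/...initions/Container Registry/container-registries-enable-retention-policy/azurepolicy.json
+++ b/...initions/Container Registry/container-registries-enable-retention-policy/azurepolicy.json
@@ -0,0 +1,48 @@
+{
+"name": "8b36505e-b96f-4ab9-a5ed-aefd19476d2c",
+"type": "Microsoft.Authorization/policyDefinitions",
+"properties": {
+"displayName": "Container Registries enable retention policy",
+"description": "Ensure registry has a retention policy for stored image manifests that don't have any associated tags (untagged manifests), which are then automatically deleted. This feature prevents the registry from filling up with artifacts that aren't needed and helps you save on storage costs.",
+"metadata": {
+"category": "Container Registry",
+"version": "1.0.0"
+},
+"mode": "Indexed",
+"parameters": {
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Deny, Audit or Disabled the execution of the Policy"
+},
+"allowedValues": [
+"Deny",
+"Audit",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+},
+"policyRule": {
+"if": {
+"allOf": [
+{
+"equals": "Microsoft.ContainerRegistry/registries",
+"field": "type"
+},
+{
+"in": [
+"disabled",
+"Disabled"
+],
+"field": "Microsoft.ContainerRegistry/registries/policies.retentionPolicy.status"
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}
+}
+}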
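Review bot: The second condition in `policyRule.if` matches only when `policies.retentionPolicy.status` is present and set to `disabled`, so a registry whose payload omits the retention-policy block would most likely evaluate as compliant and pass a `Deny` assignment, because a missing field is not `in` the list. If the intent is that retention must be switched on, `"notEquals": "enabled"` on the same field also covers the absent case, at the cost of flagging registries on SKUs where retention cannot be enabled; that trade-off is worth deciding explicitly and stating in the `description`. The two-entry `in` list also looks redundant, since to my knowledge these string comparisons are case-insensitive. The same rule is repeated verbatim in azurepolicy.rules.json, so any change belongs in both files.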
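--- a/...ntainer Registry/container-registries-enable-retention-policy/azurepolicy.parameters.json
+++ b/...ntainer Registry/container-registries-enable-retention-policy/azurepolicy.parameters.json
@@ -0,0 +1,15 @@
+{
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Deny, Audit or Disabled the execution of the Policy"
+},
+"allowedValues": [
+"Deny",
+"Audit",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+}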
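Review bot: The parameter description `"Deny, Audit or Disabled the execution of the Policy"` does not read as a sentence and does not tell whoever assigns the policy what each effect does to a registry. I would word it as `"description": "Effect applied to registries whose retention policy is disabled: Deny, Audit or Disabled"`. The same string appears in the `parameters` block of azurepolicy.json and should change there too. It is also worth saying in that text that the default `Audit` only reports non-compliant registries and does not block their deployment.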
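--- a/...ns/Container Registry/container-registries-enable-retention-policy/azurepolicy.rules.json
+++ b/...ns/Container Registry/container-registries-enable-retention-policy/azurepolicy.rules.json
@@ -0,0 +1,20 @@
+{
+"if": {
+"allOf": [
+{
+"equals": "Microsoft.ContainerRegistry/registries",
+"field": "type"
+},
+{
+"in": [
+"disabled",
+"Disabled"
+],
+"field": "Microsoft.ContainerRegistry/registries/policies.retentionPolicy.status"
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}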