The implementation here wraps a library of JSON policy documents. Each policy should be added to the directory corresponding to the tier at which it will be defined (portfolio, application, or environment). Functionality for parsing portfolio policy definitions is included. When the policies need to be defined on a management group, the AzureCloudProvider can iterate over the appropriate tier of the policy manager and add those definitions.
{
"definitionPoint": "portfolio",
"policyDefinition": {
"properties": {
"displayName": "Custom - Region Restriction",
"policyType": "Custom",
"mode": "Indexed",
"parameters": {
"listOfAllowedLocations": {
"type": "Array",
"metadata": {
"displayName": "Allowed locations",
"description": "The list of locations that can be specified when deploying resources.",
"strongType": "location"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "location",
"notIn": "[parameters('listOfAllowedLocations')]"
},
{
"field": "location",
"notEquals": "global"
},
{
"field": "type",
"notEquals": "Microsoft.AzureActiveDirectory/b2cDirectories"
}
]
},
"then": {
"effect": "Deny"
}
}
},
"type": "Microsoft.Authorization/policyDefinitions"
},
"parameters": {
"listOfAllowedLocations": {
"value": [
"eastus",
"southcentralus",
"westus"
]
}
}
}