Open kimsyversen opened 1 month ago
@kimsyversen I think that the condition starting in line 45 isn't correct. It should iterate over the parameter array one by one. https://learn.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays
Can you please fix this?
Thanks for the feedback @aschabus. I have updated the policy to use `"not": { "anyOf": [...] }` to iterate over the array.
@kimsyversen, the `anyOf` references the number of conditions inside the `anyOf` section, instead of the array values.
When working with array aliases, the recommendation is to use the `count` operator. You can refer to the following official documentation: https://learn.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-count-operator https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure-policy-rule#count
Can you please redesign the policy so that it follows the recommended structure?
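For reference, the count-operator structure the comment above recommends, written out as an added example (not the policy from this PR or from the reviewer). It assumes the storage account array alias `Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]` with its `.value` sub-field, and a parameter named `allowedIpRules` holding the approved IP addresses or CIDR ranges; the audit fires when at least one firewall IP rule on the account is not in that list, which is what iterating the array one element at a time achieves:

```json
{
  "properties": {
    "displayName": "Audit storage account firewall IP rules not in the approved list (example)",
    "mode": "Indexed",
    "parameters": {
      "allowedIpRules": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed IP rules",
          "description": "IP addresses or CIDR ranges permitted in storage account firewalls (example parameter)"
        },
        "defaultValue": []
      },
      "effect": {
        "type": "String",
        "allowedValues": [ "Audit", "Disabled" ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "count": {
              "field": "Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]",
              "where": {
                "field": "Microsoft.Storage/storageAccounts/networkAcls.ipRules[*].value",
                "notIn": "[parameters('allowedIpRules')]"
              }
            },
            "greater": 0
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

The `count` block evaluates its `where` condition once per element of the `ipRules[*]` array and returns how many elements matched, so `"greater": 0` means "at least one IP rule is outside the allowed list". An `anyOf` over the parameter array cannot express this, because `anyOf` only combines the sibling conditions listed inside it and does not expand per array element. The Azure Policy compliance view then lists each non-compliant storage account, which gives the audit trail the PR description asks for without having to inspect every firewall by hand.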
It is often possible to add your IP address to the firewall on storage accounts, but it is easy to forget to remove the IP address after the work is done. The result can be 100+ firewall openings over many years. Furthermore, it can be hard to easily audit and follow up, and that is what this policy aims to support.