From dbe0c17b665ee63e9dec8c7ca0ee3d5bb0947a42 Mon Sep 17 00:00:00 2001
From: uday31in <14359777+uday31in@users.noreply.github.com>
Date: Sat, 4 Mar 2023 11:30:49 +0000
Subject: [PATCH 1/2] fix for serviceendpoint

---
 .../Compliant-NetworkPolicySetDefinition.json | 56 +++++++++++++++----
 1 file changed, 46 insertions(+), 10 deletions(-)

diff --git a/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json b/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json
index b8a9cb25..b8a614e1 100644
--- a/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json
+++ b/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json
@@ -306,20 +306,56 @@
 },
 "policyRule": {
 "if": {
- "allOf": [
+ "anyOf": [
 {
- "field": "type",
- "equals": "Microsoft.Network/virtualNetworks/subnets"
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworks/subnets",
+ "field": "type"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]",
+ "where": {
+ "field": "Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service",
+ "exists": true
+ }
+ },
+ "greater": 0
+ }
+ ]
 },
 {
- "count": {
- "field": "Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]",
- "where": {
- "field": "Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service",
- "exists": true
+ "allOf": [
+ {
+ "equals": "Microsoft.Network/virtualNetworks",
+ "field": "type"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Network/virtualNetworks/subnets[*]",
+ "where": {
+ "allOf": [
+ {
+ "exists": "false",
+ "field": "Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]",
+ "where": {
+ "field": "Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service",
+ "exists": true
+ }
+ },
+ "greater": 0
+ }
+ ]
+ }
+ },
+ "notEquals": 0
 }
- },
- "greater": 0
+ ]
 }
 ]
 },
From 79f0959c391aa4e4b71435a8b432c6da5193efd4 Mon Sep 17 00:00:00 2001
From: uday31in <14359777+uday31in@users.noreply.github.com>
Date: Sat, 4 Mar 2023 11:32:53 +0000
Subject: [PATCH 2/2] serviceEndpoints

---
 .../policyDefinitions/Compliant-NetworkPolicySetDefinition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json b/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json
index b8a614e1..54c4cc42 100644
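Review bot: In the new `Microsoft.Network/virtualNetworks` branch, the inner `count` still uses the child-resource alias `Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]`, which belongs to the `virtualNetworks/subnets` type and is not tied to the `subnets[*]` element being iterated. On a virtual network resource that alias most likely resolves to nothing, so the inner count stays at 0 and subnets declared inline on a VNet would still slip past the rule this branch was added to cover. Consider `"field": "Microsoft.Network/virtualNetworks/subnets[*].serviceEndpoints[*]"` with `"field": "Microsoft.Network/virtualNetworks/subnets[*].serviceEndpoints[*].service"` in its `where`, after checking both against the provider's alias list. The first condition in that `where` tests for a missing `networkSecurityGroup.id`, which looks carried over from an NSG rule rather than part of a service-endpoint check. The `policyRule` continues outside the hunk, so the effect applied on a match is not visible here.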
--- a/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json
+++ b/foundations/azure/referenceImplementations/core/managementGroupTemplates/policyDefinitions/Compliant-NetworkPolicySetDefinition.json
@@ -338,7 +338,7 @@
 "allOf": [
 {
 "exists": "false",
- "field": "Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id"
+ "field": "Microsoft.Network/virtualNetworks/subnets[*].serviceEndpoints.id"
 },
 {
 "count": {
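Review bot: The replacement field `Microsoft.Network/virtualNetworks/subnets[*].serviceEndpoints.id` treats `serviceEndpoints` as an object, while the sibling conditions address it as an array (`serviceEndpoints[*]`), so this alias may not resolve; please confirm it exists before merging. Requiring it to be absent in the same `allOf` that requires at least one service endpoint also looks self-contradictory, and if the intent is only to flag subnets that have service endpoints, the `exists` condition can be dropped and the `count` left on its own. If it stays, write `"exists": false` as a boolean to match the `"exists": true` used elsewhere in the rule. The enclosing `allOf` starts and ends outside this hunk.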