-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ANF_VolumesShouldNotUseNFSv3.json
56 lines (56 loc) · 1.6 KB
/
ANF_VolumesShouldNotUseNFSv3.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
{
"properties": {
"displayName": "Azure NetApp Files Volumes should not use NFSv3 protocol type",
"policyType": "BuiltIn",
"mode": "All",
"description": "Disallow the use of NFSv3 protocol type to prevent unsecure access to volumes. NFSv4.1 with Kerberos protocol should be used to access NFS volumes to ensure data integrity and encryption.",
"metadata": {
"version": "1.0.0",
"category": "Storage"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes"
},
{
"count": {
"field": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/protocolTypes[*]",
"where": {
"field": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/protocolTypes[*]",
"equals": "NFSv3"
}
},
"greater": 0
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/d558e1a6-296d-4fbb-81a5-ea25822639f6",
"name": "d558e1a6-296d-4fbb-81a5-ea25822639f6"
}