Update Policy Library (automated) (#346)

.editorconfig

@@ -13,3 +13,17 @@ charset = utf-8
 end_of_line = lf
 trim_trailing_whitespace = true
 insert_final_newline = true
+
+[**/policy/definitions/lib/**]
+indent_size = 2
+charset = unset
+end_of_line = unset
+trim_trailing_whitespace = unset
+insert_final_newline = unset
+
+[**/policy/assignments/lib/**]
+indent_size = 2
+charset = unset
+end_of_line = unset
+trim_trailing_whitespace = unset
+insert_final_newline = unset

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_append_appservice_httpsonly.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Append-AppService-httpsonly.json

@@ -10,7 +10,13 @@
     "description": "Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.",
     "metadata": {
       "version": "1.0.0",
-      "category": "App Service"
+      "category": "App Service",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Append-AppService-latestTLS.json

@@ -10,7 +10,13 @@
     "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.",
     "metadata": {
       "version": "1.0.0",
-      "category": "App Service"
+      "category": "App Service",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_append_kv_softdelete.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Append-KV-SoftDelete.json

@@ -10,7 +10,13 @@
     "description": "This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Key Vault"
+      "category": "Key Vault",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {},
     "policyRule": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_append_redis_disablenonsslport.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Append-Redis-disableNonSslPort.json

@@ -10,7 +10,13 @@
     "description": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Cache"
+      "category": "Cache",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Append-Redis-sslEnforcement.json

@@ -10,7 +10,13 @@
     "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Cache"
+      "category": "Cache",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_audit_machinelearning_privateendpointid.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Audit-MachineLearning-PrivateEndpointId.json

@@ -10,7 +10,11 @@
     "description": "Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Machine Learning"
+      "category": "Machine Learning",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_aa_child_resources.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-AA-child-resources.json

@@ -10,7 +10,12 @@
     "description": "This policy denies the creation of child resources on the Automation Account",
     "metadata": {
       "version": "1.0.0",
-      "category": "Automation"
+      "category": "Automation",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_appgw_without_waf.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-AppGW-Without-WAF.json

@@ -10,7 +10,13 @@
     "description": "This policy enables you to restrict that Application Gateways is always deployed with WAF enabled",
     "metadata": {
       "version": "1.0.0",
-      "category": "Network"
+      "category": "Network",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_appserviceapiapp_http.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-AppServiceApiApp-http.json

@@ -10,7 +10,13 @@
     "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
     "metadata": {
       "version": "1.0.0",
-      "category": "App Service"
+      "category": "App Service",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_appservicefunctionapp_http.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-AppServiceFunctionApp-http.json

@@ -10,7 +10,13 @@
     "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
     "metadata": {
       "version": "1.0.0",
-      "category": "App Service"
+      "category": "App Service",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_appservicewebapp_http.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-AppServiceWebApp-http.json

@@ -10,7 +10,13 @@
     "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
     "metadata": {
       "version": "1.0.0",
-      "category": "App Service"
+      "category": "App Service",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_databricks_nopublicip.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-Databricks-NoPublicIp.json

@@ -10,7 +10,11 @@
     "description": "Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Databricks"
+      "category": "Databricks",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_databricks_sku.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-Databricks-Sku.json

@@ -10,7 +10,11 @@
     "description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for AAD.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Databricks"
+      "category": "Databricks",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_databricks_virtualnetwork.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-Databricks-VirtualNetwork.json

@@ -10,7 +10,11 @@
     "description": "Enforces the use of vnet injection for Databricks workspaces.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Databricks"
+      "category": "Databricks",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_aks.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-Aks.json

@@ -10,7 +10,11 @@
     "description": "Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Machine Learning"
+      "category": "Machine Learning",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_compute_subnetid.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-Compute-SubnetId.json

@@ -10,7 +10,11 @@
     "description": "Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Machine Learning"
+      "category": "Machine Learning",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_compute_vmsize.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-Compute-VmSize.json

@@ -10,7 +10,11 @@
     "description": "Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Budget"
+      "category": "Budget",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_computecluster_remoteloginportpublicaccess.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess.json

@@ -10,7 +10,11 @@
     "description": "Deny public access of Azure Machine Learning clusters via SSH.",
     "metadata": {
       "version": "1.1.0",
-      "category": "Machine Learning"
+      "category": "Machine Learning",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_computecluster_scale.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-ComputeCluster-Scale.json

@@ -10,7 +10,11 @@
     "description": "Enforce scale settings for Azure Machine Learning compute clusters.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Budget"
+      "category": "Budget",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_hbiworkspace.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-HbiWorkspace.json

@@ -10,7 +10,11 @@
     "description": "Enforces high business impact Azure Machine Learning workspaces.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Machine Learning"
+      "category": "Machine Learning",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_publicaccesswhenbehindvnet.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-PublicAccessWhenBehindVnet.json

@@ -10,7 +10,11 @@
     "description": "Deny public access behind vnet to Azure Machine Learning workspaces.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Machine Learning"
+      "category": "Machine Learning",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_machinelearning_publicnetworkaccess.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MachineLearning-PublicNetworkAccess.json

@@ -10,7 +10,11 @@
     "description": "Denies public network access for Azure Machine Learning workspaces.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Machine Learning"
+      "category": "Machine Learning",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_mysql_http.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-MySql-http.json

@@ -10,7 +10,13 @@
     "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
     "metadata": {
       "version": "1.0.0",
-      "category": "SQL"
+      "category": "SQL",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_postgresql_http.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-PostgreSql-http.json

@@ -10,7 +10,13 @@
     "description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
     "metadata": {
       "version": "1.0.1",
-      "category": "SQL"
+      "category": "SQL",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_private_dns_zones.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-Private-DNS-Zones.json

@@ -10,7 +10,13 @@
     "description": "This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription",
     "metadata": {
       "version": "1.0.0",
-      "category": "Network"
+      "category": "Network",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_publicendpoint_mariadb.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-PublicEndpoint-MariaDB.json

@@ -10,7 +10,13 @@
     "description": "This policy denies the creation of Maria DB accounts with exposed public endpoints",
     "metadata": {
       "version": "1.0.0",
-      "category": "SQL"
+      "category": "SQL",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_deny_publicip.json → infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Deny-PublicIP.json

@@ -10,7 +10,13 @@
     "description": "This policy denies creation of Public IPs under the assigned scope.",
     "metadata": {
       "version": "1.0.0",
-      "category": "Network"
+      "category": "Network",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
     },
     "parameters": {
       "effect": {