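--- a/PATH_NOT_SHOWN.json
+++ b/PATH_NOT_SHOWN.json
@@ -3,9 +3,9 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster",
 "metadata": {
-"version": "1.1.0",
+"version": "1.2 .0",
 "category": "Kubernetes"
 },
 "parameters": {
 "effect": {
@@ -71,9 +71,9 @@
 "resources": [],
 "outputs": {
 "aksCluster": {
 "type": "object",
-"value": "[reference(resourceId(parameters('clusterResourceGroupName'), 'Microsoft.ContainerService/managedClusters', parameters('clusterName')), '2021-08-01', 'Full')]"
+"value": "[reference(resourceId(parameters('clusterResourceGroupName'), 'Microsoft.ContainerService/managedClusters', parameters('clusterName')), '2023 -11 -01', 'Full')]"
 }
 }
 }
 }
@@ -99,17 +99,16 @@
 }
 },
 "resources": [
 {
-"apiVersion": "2021-08-01",
+"apiVersion": "2023 -11 -01",
 "type": "Microsoft.ContainerService/managedClusters",
 "name": "[parameters('aksClusterName')]",
 "location": "[parameters('aksClusterContent').location]",
 "sku": "[parameters('aksClusterContent').sku]",
 "tags": "[if(contains(parameters('aksClusterContent'), 'tags'), parameters('aksClusterContent').tags, json('null'))]",
 "properties": {
 "kubernetesVersion": "[parameters('aksClusterContent').properties.kubernetesVersion]",
-"agentPoolProfiles": "[if(contains(parameters('aksClusterContent').properties, 'agentPoolProfiles'), parameters('aksClusterContent').properties.agentPoolProfiles, json('null'))]",
 "linuxProfile": "[if(contains(parameters('aksClusterContent').properties, 'linuxProfile'), parameters('aksClusterContent').properties.linuxProfile, json('null'))]",
 "windowsProfile": "[if(contains(parameters('aksClusterContent').properties, 'windowsProfile'), parameters('aksClusterContent').properties.windowsProfile, json('null'))]",
 "servicePrincipalProfile": "[if(contains(parameters('aksClusterContent').properties, 'servicePrincipalProfile'), parameters('aksClusterContent').properties.servicePrincipalProfile, json('null'))]",
 "nodeResourceGroup": "[parameters('aksClusterContent').properties.nodeResourceGroup]",
@@ -118,19 +117,26 @@
 "networkProfile": "[if(contains(parameters('aksClusterContent').properties, 'networkProfile'), parameters('aksClusterContent').properties.networkProfile, json('null'))]",
 "aadProfile": "[if(contains(parameters('aksClusterContent').properties, 'aadProfile'), parameters('aksClusterContent').properties.aadProfile, json('null'))]",
 "autoScalerProfile": "[if(contains(parameters('aksClusterContent').properties, 'autoScalerProfile'), parameters('aksClusterContent').properties.autoScalerProfile, json('null'))]",
 "autoUpgradeProfile": "[if(contains(parameters('aksClusterContent').properties, 'autoUpgradeProfile'), parameters('aksClusterContent').properties.autoUpgradeProfile, json('null'))]",
+"azureMonitorProfile": "[if(contains(parameters('aksClusterContent').properties, 'azureMonitorProfile'), parameters('aksClusterContent').properties.azureMonitorProfile, json('null'))]",
 "apiServerAccessProfile": {
 "disableRunCommand": true
 },
 "diskEncryptionSetID": "[if(contains(parameters('aksClusterContent').properties, 'diskEncryptionSetID'), parameters('aksClusterContent').properties.diskEncryptionSetID, json('null'))]",
 "disableLocalAccounts": "[if(contains(parameters('aksClusterContent').properties, 'disableLocalAccounts'), parameters('aksClusterContent').properties.disableLocalAccounts, json('null'))]",
 "fqdnSubdomain": "[if(contains(parameters('aksClusterContent').properties, 'fqdnSubdomain'), parameters('aksClusterContent').properties.fqdnSubdomain, json('null'))]",
 "httpProxyConfig": "[if(contains(parameters('aksClusterContent').properties, 'httpProxyConfig'), parameters('aksClusterContent').properties.httpProxyConfig, json('null'))]",
+"oidcIssuerProfile": "[if(contains(parameters('aksClusterContent').properties, 'oidcIssuerProfile'), parameters('aksClusterContent').properties.oidcIssuerProfile, json('null'))]",
 "podIdentityProfile": "[if(contains(parameters('aksClusterContent').properties, 'podIdentityProfile'), parameters('aksClusterContent').properties.podIdentityProfile, json('null'))]",
 "privateLinkResources": "[if(contains(parameters('aksClusterContent').properties, 'privateLinkResources'), parameters('aksClusterContent').properties.privateLinkResources, json('null'))]",
-"securityProfile": "[if(contains(parameters('aksClusterContent').properties, 'securityProfile'), parameters('aksClusterContent').properties.securityProfile, json('null'))]",
-"identityProfile": "[if(contains(parameters('aksClusterContent').properties, 'identityProfile'), parameters('aksClusterContent').properties.identityProfile, json('null'))]"
+"identityProfile ": "[if(contains(parameters('aksClusterContent').properties, 'identityProfile '), parameters('aksClusterContent').properties.identityProfile , json('null'))]",
+"publicNetworkAccess ": "[if(contains(parameters('aksClusterContent').properties, 'publicNetworkAccess '), parameters('aksClusterContent').properties.publicNetworkAccess , json('null'))]",
+"serviceMeshProfile": "[if(contains(parameters('aksClusterContent').properties, 'serviceMeshProfile'), parameters('aksClusterContent').properties.serviceMeshProfile, json('null'))]",
+"storageProfile": "[if(contains(parameters('aksClusterContent').properties, 'storageProfile'), parameters('aksClusterContent').properties.storageProfile, json('null'))]",
+"supportPlan": "[if(contains(parameters('aksClusterContent').properties, 'supportPlan'), parameters('aksClusterContent').properties.supportPlan, json('null'))]",
+"upgradeSettings": "[if(contains(parameters('aksClusterContent').properties, 'upgradeSettings'), parameters('aksClusterContent').properties.upgradeSettings, json('null'))]",
+"workloadAutoScalerProfile": "[if(contains(parameters('aksClusterContent').properties, 'workloadAutoScalerProfile'), parameters('aksClusterContent').properties.workloadAutoScalerProfile, json('null'))]"
 }
 }
 ],
 "outputs": {}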
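Review bot: The last hunk removes the `securityProfile` pass-through (old line 131) and does not re-add it among the new properties, and `agentPoolProfiles` is dropped in the hunk before, while the remediation template still rebuilds `properties` key by key from `aksClusterContent`. If the managedClusters write treats an omitted property as unset rather than unchanged, a remediation run could strip the cluster's existing security profile settings; that behaviour is not visible on this page and should be confirmed before the new version is assigned with a deploying effect. Unless the omission is deliberate, keep the line next to `identityProfile`: `"securityProfile": "[if(contains(parameters('aksClusterContent').properties, 'securityProfile'), parameters('aksClusterContent').properties.securityProfile, json('null'))]",`. The unchanged `apiServerAccessProfile` block carries the same kind of risk, because it is written as a literal holding only `disableRunCommand` and copies none of the cluster's other API-server access settings. The `properties` object opens in the previous hunk and the lines between the two hunks are not shown, so the full property list should be checked against the complete definition.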
JSON
api-version=2021-06-01
{ 7 items displayName: "Disable Command Invoke on Azure Kubernetes Service clusters" , policyType: "BuiltIn" , mode: "Indexed" , description: "Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster" , metadata: { 2 items version: "1.2.0" , category: "Kubernetes" } , parameters: { 1 item } , policyRule: { 2 items if: { 2 items field: "type" , equals: "Microsoft.ContainerService/managedClusters" } , then: { 2 items effect: "[parameters('effect')]" , details: { 5 items type: "Microsoft.ContainerService/managedClusters" , name: "[field('name')]" , roleDefinitionIds: [ 2 items ] , existenceCondition: { 2 items field: "Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand" , equals: true } , deployment: { 1 item properties: { 3 items mode: "incremental" , template: { 5 items $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 2 items } , variables: { 2 items clusterGetDeploymentName: 🔍 "[
take(
concat(
'Policy-Get-',
parameters('clusterName')
),
64
)
]", clusterUpdateDeploymentName: 🔍 "[
take(
concat(
'Policy-Update-',
parameters('clusterName')
),
64
)
]" } , resources: [ 2 items { 4 items apiVersion: "2020-06-01" , type: "Microsoft.Resources/deployments" , name: "[variables('clusterGetDeploymentName')]" , properties: { 2 items mode: "Incremental" , template: { 4 items $schema: "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , resources : [] , outputs: { 1 item aksCluster: { 2 items type: "object" , value: 🔍 "[
reference(
resourceId(
parameters('clusterResourceGroupName'),
'Microsoft.ContainerService/managedClusters',
parameters('clusterName')
),
'2023-11-01',
'Full'
)
]" } } } } } , { 4 items apiVersion: "2020-06-01" , type: "Microsoft.Resources/deployments" , name: "[variables('clusterUpdateDeploymentName')]" , properties: { 4 items mode: "Incremental" , expressionEvaluationOptions: { 1 item } , template: { 5 items $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 2 items } , resources: [ 1 item { 7 items apiVersion: "2023-11-01" , type: "Microsoft.ContainerService/managedClusters" , name: "[parameters('aksClusterName')]" , location: "[parameters('aksClusterContent').location]" , sku: "[parameters('aksClusterContent').sku]" , tags: 🔍 "[
if(
contains(
parameters('aksClusterContent'),
'tags'
),
parameters('aksClusterContent').tags,
json(
'null'
)
)
]", properties: { 27 items kubernetesVersion: "[parameters('aksClusterContent').properties.kubernetesVersion]" , linuxProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'linuxProfile'
),
parameters('aksClusterContent').properties.linuxProfile,
json(
'null'
)
)
]", windowsProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'windowsProfile'
),
parameters('aksClusterContent').properties.windowsProfile,
json(
'null'
)
)
]", servicePrincipalProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'servicePrincipalProfile'
),
parameters('aksClusterContent').properties.servicePrincipalProfile,
json(
'null'
)
)
]", nodeResourceGroup: "[parameters('aksClusterContent').properties.nodeResourceGroup]" , enableRBAC: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'enableRBAC'
),
parameters('aksClusterContent').properties.enableRBAC,
json(
'null'
)
)
]", enablePodSecurityPolicy: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'enablePodSecurityPolicy'
),
parameters('aksClusterContent').properties.enablePodSecurityPolicy,
json(
'null'
)
)
]", networkProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'networkProfile'
),
parameters('aksClusterContent').properties.networkProfile,
json(
'null'
)
)
]", aadProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'aadProfile'
),
parameters('aksClusterContent').properties.aadProfile,
json(
'null'
)
)
]", autoScalerProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'autoScalerProfile'
),
parameters('aksClusterContent').properties.autoScalerProfile,
json(
'null'
)
)
]", autoUpgradeProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'autoUpgradeProfile'
),
parameters('aksClusterContent').properties.autoUpgradeProfile,
json(
'null'
)
)
]", azureMonitorProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'azureMonitorProfile'
),
parameters('aksClusterContent').properties.azureMonitorProfile,
json(
'null'
)
)
]", apiServerAccessProfile: { 1 item } , diskEncryptionSetID: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'diskEncryptionSetID'
),
parameters('aksClusterContent').properties.diskEncryptionSetID,
json(
'null'
)
)
]", disableLocalAccounts: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'disableLocalAccounts'
),
parameters('aksClusterContent').properties.disableLocalAccounts,
json(
'null'
)
)
]", fqdnSubdomain: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'fqdnSubdomain'
),
parameters('aksClusterContent').properties.fqdnSubdomain,
json(
'null'
)
)
]", httpProxyConfig: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'httpProxyConfig'
),
parameters('aksClusterContent').properties.httpProxyConfig,
json(
'null'
)
)
]", oidcIssuerProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'oidcIssuerProfile'
),
parameters('aksClusterContent').properties.oidcIssuerProfile,
json(
'null'
)
)
]", podIdentityProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'podIdentityProfile'
),
parameters('aksClusterContent').properties.podIdentityProfile,
json(
'null'
)
)
]", privateLinkResources: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'privateLinkResources'
),
parameters('aksClusterContent').properties.privateLinkResources,
json(
'null'
)
)
]", identityProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'identityProfile'
),
parameters('aksClusterContent').properties.identityProfile,
json(
'null'
)
)
]", publicNetworkAccess: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'publicNetworkAccess'
),
parameters('aksClusterContent').properties.publicNetworkAccess,
json(
'null'
)
)
]", serviceMeshProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'serviceMeshProfile'
),
parameters('aksClusterContent').properties.serviceMeshProfile,
json(
'null'
)
)
]", storageProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'storageProfile'
),
parameters('aksClusterContent').properties.storageProfile,
json(
'null'
)
)
]", supportPlan: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'supportPlan'
),
parameters('aksClusterContent').properties.supportPlan,
json(
'null'
)
)
]", upgradeSettings: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'upgradeSettings'
),
parameters('aksClusterContent').properties.upgradeSettings,
json(
'null'
)
)
]", workloadAutoScalerProfile: 🔍 "[
if(
contains(
parameters('aksClusterContent').properties,
'workloadAutoScalerProfile'
),
parameters('aksClusterContent').properties.workloadAutoScalerProfile,
json(
'null'
)
)
]" } } ] , outputs : {} } , parameters: { 2 items } } } ] } , parameters: { 2 items } } } } } } }