skip: update CI 246

epam · Sep 5, 2024 · b331084 · b331084
1 parent f94c327
commit b331084
Show file tree

Hide file tree

Showing 11 changed files with 7 additions and 27 deletions.
diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml
@@ -10,7 +10,7 @@ on:
       resource_priority_list:
         type: string
         description: Priority list for resources (you can remove unnecessary resources during testing)
-        default: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+        default: '["storage", "container", "automation", "api", "network", "vnet", "defender"]'
         #'["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
         required: true
 
@@ -24,7 +24,7 @@ env:
   AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
   AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
   AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
-  default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+  default_resource_priority_list: '["storage", "container", "automation", "api", "network", "vnet", "defender"]'
   #default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
   TF_VAR_project: ${{ secrets.TF_VAR_project }}
   TF_VAR_region: ${{ secrets.AWS_REGION }}

diff --git a/auto_policy_testing/green/automation/automation_account.tf b/auto_policy_testing/green/automation/automation_account.tf
@@ -1,6 +1,6 @@
 resource "azurerm_automation_account" "this" {
   name                          = module.naming.resource_prefix.automation
-  location                      = data.terraform_remote_state.common.outputs.location
+  location                      = "eastasia"
   resource_group_name           = data.terraform_remote_state.common.outputs.resource_group
   sku_name                      = "Basic"
   tags                          = module.naming.default_tags

diff --git a/auto_policy_testing/green/container/container_registry.tf b/auto_policy_testing/green/container/container_registry.tf
@@ -7,7 +7,6 @@ resource "azurerm_container_registry" "this" {
   anonymous_pull_enabled        = false
 
   encryption {
-    enabled            = true
     key_vault_key_id   = data.terraform_remote_state.common.outputs.key_id
     identity_client_id = azurerm_user_assigned_identity.this.client_id
   }

diff --git a/auto_policy_testing/green/container/key_vault.tf b/auto_policy_testing/green/container/key_vault.tf
@@ -12,11 +12,7 @@ resource "azurerm_key_vault_access_policy" "user_identity" {
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = azurerm_user_assigned_identity.this.principal_id
 
-  key_permissions = [
-    "Get",
-    "WrapKey",
-    "UnwrapKey"
-  ]
+  key_permissions = ["Get", "UnwrapKey", "WrapKey"]
 
 }
 
diff --git a/auto_policy_testing/green/network/vm.tf b/auto_policy_testing/green/network/vm.tf
@@ -9,7 +9,7 @@ resource "azurerm_network_interface" "this" {
     private_ip_address_allocation = "Dynamic"
   }
 
-  enable_ip_forwarding = false
+  ip_forwarding_enabled = false
 
   tags = module.naming.default_tags
 }

diff --git a/auto_policy_testing/red/automation/automation_account.tf b/auto_policy_testing/red/automation/automation_account.tf
@@ -1,6 +1,6 @@
 resource "azurerm_automation_account" "this" {
   name                          = module.naming.resource_prefix.automation
-  location                      = data.terraform_remote_state.common.outputs.location
+  location                      = "eastus"
   resource_group_name           = data.terraform_remote_state.common.outputs.resource_group
   sku_name                      = "Basic"
   tags                          = module.naming.default_tags

diff --git a/policies/ecc-azure-346-mysql_latest_tls.yml b/policies/ecc-azure-346-mysql_latest_tls.yml
@@ -18,7 +18,4 @@ policies:
         name: tls_version
         key: value
         op: ne
-        value: "TLSv1.2"
-      - type: value
-        key: properties.state
-        value: Ready
+        value: "TLSv1.2"
diff --git a/policies/ecc-azure-347-mysql_cmk.yml b/policies/ecc-azure-347-mysql_cmk.yml
@@ -17,6 +17,3 @@ policies:
       - type: value
         key: properties.dataEncryption
         value: absent
-      - type: value
-        key: properties.state
-        value: Ready
diff --git a/policies/ecc-azure-348-mysql_harden_usage_for_local_infile.yml b/policies/ecc-azure-348-mysql_harden_usage_for_local_infile.yml
@@ -20,6 +20,3 @@ policies:
         op: eq
         value: "on"
         value_type: normalize
-      - type: value
-        key: properties.state
-        value: Ready
diff --git a/policies/ecc-azure-349-mysql_max_user_connections.yml b/policies/ecc-azure-349-mysql_max_user_connections.yml
@@ -19,6 +19,3 @@ policies:
         key: value
         op: eq
         value: "0"
-      - type: value
-        key: properties.state
-        value: Ready
diff --git a/policies/ecc-azure-350-mysql_slow_query_log_permissions.yml b/policies/ecc-azure-350-mysql_slow_query_log_permissions.yml
@@ -20,7 +20,4 @@ policies:
         op: eq
         value: "off"
         value_type: normalize
-      - type: value
-        key: properties.state
-        value: Ready