diff --git a/policyAssignments/dev/pa-d-monitor.json b/policyAssignments/dev/pa-d-monitor.json index 08839ac..1ffea31 100644 --- a/policyAssignments/dev/pa-d-monitor.json +++ b/policyAssignments/dev/pa-d-monitor.json @@ -14,7 +14,8 @@ }, "MON-001_allowedEmailDomains": { "value": [ - "contoso.com" + "contoso.com", + "microsoft.com" ] }, "MON-002_Effect": { diff --git a/policyAssignments/prod/pa-p-monitor.json b/policyAssignments/prod/pa-p-monitor.json index 54a056c..97918d5 100644 --- a/policyAssignments/prod/pa-p-monitor.json +++ b/policyAssignments/prod/pa-p-monitor.json @@ -14,7 +14,8 @@ }, "MON-001_allowedEmailDomains": { "value": [ - "contoso.com" + "contoso.com", + "microsoft.com" ] }, "MON-002_Effect": { diff --git a/policyDefinitions/storage-account/pol-deny-storage-account-public-endpoint.json b/policyDefinitions/storage-account/pol-deny-storage-account-public-endpoint.json index f8b5b91..2c00033 100644 --- a/policyDefinitions/storage-account/pol-deny-storage-account-public-endpoint.json +++ b/policyDefinitions/storage-account/pol-deny-storage-account-public-endpoint.json @@ -32,18 +32,6 @@ "field": "type", "equals": "Microsoft.Storage/storageAccounts" }, - { - "not": { - "field": "tags[application]", - "equals": "databricks" - } - }, - { - "not": { - "field": "tags[application]", - "equals": "purview" - } - }, { "anyOf": [ { diff --git a/policyDefinitions/storage-account/pol-deny-storage-account-restrict-virtual-network-rules.json b/policyDefinitions/storage-account/pol-deny-storage-account-restrict-virtual-network-rules.json index d538015..95e231f 100644 --- a/policyDefinitions/storage-account/pol-deny-storage-account-restrict-virtual-network-rules.json +++ b/policyDefinitions/storage-account/pol-deny-storage-account-restrict-virtual-network-rules.json @@ -33,18 +33,6 @@ "field": "type", "equals": "Microsoft.Storage/storageAccounts" }, - { - "not": { - "field": "tags[application]", - "equals": "databricks" - } - }, - { - "not": { - "field": "tags[application]", - "equals": "purview" - } - }, { "anyOf": [ { diff --git a/policyDefinitions/storage-account/pol-deny-storage-accounts-should-restrict-network-access.json b/policyDefinitions/storage-account/pol-deny-storage-accounts-should-restrict-network-access.json index 0e4d503..75a56d1 100644 --- a/policyDefinitions/storage-account/pol-deny-storage-accounts-should-restrict-network-access.json +++ b/policyDefinitions/storage-account/pol-deny-storage-accounts-should-restrict-network-access.json @@ -33,18 +33,6 @@ "field": "type", "equals": "Microsoft.Storage/storageAccounts" }, - { - "not": { - "field": "tags[application]", - "equals": "databricks" - } - }, - { - "not": { - "field": "tags[application]", - "equals": "purview" - } - }, { "field": "Microsoft.Storage/storageAccounts/networkAcls.defaultAction", "notEquals": "Deny" diff --git a/policyDefinitions/storage-account/pol-deploy-storage-account-blob-soft-delete.json b/policyDefinitions/storage-account/pol-deploy-storage-account-blob-soft-delete.json index 5ace46d..c8109bb 100644 --- a/policyDefinitions/storage-account/pol-deploy-storage-account-blob-soft-delete.json +++ b/policyDefinitions/storage-account/pol-deploy-storage-account-blob-soft-delete.json @@ -55,18 +55,6 @@ "field": "type", "equals": "Microsoft.Storage/storageAccounts" }, - { - "not": { - "field": "tags[application]", - "equals": "databricks" - } - }, - { - "not": { - "field": "tags[application]", - "equals": "purview" - } - }, { "field": "kind", "in": [ diff --git a/scripts/pipelines/policy-integration-tests/pipeline-map-policy-integration-test-cases.ps1 b/scripts/pipelines/policy-integration-tests/pipeline-map-policy-integration-test-cases.ps1 index e0cb2a1..b65138b 100644 --- a/scripts/pipelines/policy-integration-tests/pipeline-map-policy-integration-test-cases.ps1 +++ b/scripts/pipelines/policy-integration-tests/pipeline-map-policy-integration-test-cases.ps1 @@ -159,9 +159,11 @@ function getTestCasesFromAssignment { [string]$policyIntegrationTestsPath ) $testsInScope = @() - $testCases = Get-ChildItem -path $policyIntegrationTestsPath -Depth 1 -Directory + Write-Verbose " - Looking for test cases that are impacted by the policy assignment '$assignmentName' from '$policyIntegrationTestsPath'." -Verbose + $testCases = Get-ChildItem -path $policyIntegrationTestsPath -Depth 0 -Directory foreach ($testCase in $testCases) { + Write-Verbose " - Checking test case '$($testCase.Name)' for assignment '$assignmentName'..." -Verbose $testConfigFile = join-Path -Path $testCase.FullName -ChildPath 'config.json' -Resolve $testConfig = Get-Content -Path $testConfigFile -Raw | ConvertFrom-Json -Depth 99 $policyAssignmentIds = $testConfig.policyAssignmentIds @@ -523,7 +525,6 @@ Foreach ($file in $modifiedFiles) { Write-Verbose " - File '$file' is not in the global test paths. Will Check if individual tests need to be executed." -Verbose $getRequiredTestCasesParams = @{ changeFilePath = $file - policyIntegrationTestsPath = $policyIntegrationTestsPath policyInitiativesPath = $policyInitiativesPath policyAssignmentsPath = $policyAssignmentsPath gitRoot = $gitRoot diff --git a/tests/policy-integration-tests/.shared/policy_integration_test_config.jsonc b/tests/policy-integration-tests/.shared/policy_integration_test_config.jsonc index 668a4cd..24d1ea1 100644 --- a/tests/policy-integration-tests/.shared/policy_integration_test_config.jsonc +++ b/tests/policy-integration-tests/.shared/policy_integration_test_config.jsonc @@ -119,7 +119,6 @@ "scripts/pipelines/pipeline-get-deployment-target-from-parameter-file.ps1", "scripts/pipelines/pipeline-get-parameter-files.ps1", "scripts/pipelines/pipeline-install-moduleFromRepo.ps1", - "scripts/pipelines/pipeline-template-deployment.ps1", "scripts/pipelines/pipeline-template-deployment-rest.ps1", "scripts/pipelines/pipeline-template-validation.ps1", "scripts/pipelines/pipeline-set-policy-resource-bicep-template-file.ps1",