skip: update CI 222

epam · Aug 27, 2024 · 6ffc098 · 6ffc098
1 parent dcc8529
commit 6ffc098
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml
@@ -10,7 +10,7 @@ on:
       resource_priority_list:
         type: string
         description: Priority list for resources (you can remove unnecessary resources during testing)
-        default: '["postgresql", "cosmosdb"]'
+        default: '["aks"]'
         #'["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
         required: true
 
@@ -24,7 +24,7 @@ env:
   AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
   AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
   AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
-  default_resource_priority_list: '["postgresql", "cosmosdb"]'
+  default_resource_priority_list: '["aks"]'
   #default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
   TF_VAR_project: ${{ secrets.TF_VAR_project }}
   TF_VAR_region: ${{ secrets.AWS_REGION }}

diff --git a/auto_policy_testing/scripts/exception_rules.py b/auto_policy_testing/scripts/exception_rules.py
@@ -34,7 +34,6 @@
             "ecc-azure-176-asb_ddos_protection_enabled", #temporary in block
             "ecc-azure-302-redis_cache_disabled_public_access", #python sdk should be updated
             "ecc-azure-058-cis_aks_rbac", # Cannot create red tf for 058 rule because Azure AD integration (Legacy) is deprecated.
-            "ecc-azure-235-asb_k8s_policy", #issue with rule, should be fixed
             "ecc-azure-281-aks_non_vulnerable_version", #cannot create red tf because azure restrict to deploy new aks with vulnerable version
             "ecc-azure-038-cis_log_keyvaults", # policy and tf works but "Azure Policy" automatically deploys DS to keyvault
             "ecc-azure-354-acr_anonymous_pull", #issue with policy, should be reviewed and fixed

diff --git a/policies/ecc-azure-235-asb_k8s_policy.yml b/policies/ecc-azure-235-asb_k8s_policy.yml
@@ -11,6 +11,7 @@ policies:
       Kubernetes cluster with Azure Policy for AKS disabled
     resource: azure.aks
     filters:
-      - type: value
-        key: properties.addonProfiles.azurepolicy.enabled
-        value: false
+      - not:
+        - type: value
+          key: properties.addonProfiles.azurepolicy.enabled
+          value: true