Add policy for auditing Storage Accounts having configured firewall r…

[kimsyversen]

It is often possible to add your ip address to the firewall on storage accounts but it is easy to forget to remove the ip address after the work is done. The result can be 100+ firewall openings over many years. Furthermore, it can be hard to easily audit and follow up and that is what this policy aim to support.

[aschabus]

@kimsyversen I think that the condition starting in line 45 isn't correct.
It should iterate over the parameter array one by one.
https://learn.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays

Can you please fix this?

[kimsyversen]

Thanks for the feedback @aschabus. I have updated the policy to use "not": { "anyOf": [...] } to iterate array.

[neiichango]

@kimsyversen, the AnyOf, references the amount of conditions inside the anyof section, instead of the array values.

when working with array aliases, the recommendation is to use the Count operator. You can reference to the following official documentations:
https://learn.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays
https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-count-operator
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure-policy-rule#count

Can you please redesign the policy so that it follows the recommended structure?