Updated from upstream (#37)

Co-authored-by: System <noreply@azure.com>
terraform-azurerm-modules · Jul 5, 2021 · 4f6a8f5 · 4f6a8f5
1 parent 322ad79
commit 4f6a8f5
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/policydefinition-deny_subnet_without_udr.tf b/policydefinition-deny_subnet_without_udr.tf
@@ -4,10 +4,10 @@ resource "azurerm_policy_definition" "deny_subnet_without_udr" {
   policy_type  = "Custom"
   mode         = "All"
   display_name = "Subnets should have a User Defined Route"
-  description  = "This policy denies the creation of a subsnet with out a User Defined Route."
+  description  = "This policy denies the creation of a subnet with out a User Defined Route."
   metadata     = <<METADATA
 {
-  "version": "1.0.0",
+  "version": "1.1.0",
   "category": "Network"
 }
 METADATA
@@ -21,6 +21,10 @@ METADATA
         "field": "type",
         "equals": "Microsoft.Network/virtualNetworks/subnets"
       },
+      {
+        "field": "name",
+        "notIn": "[parameters('excludedSubnets')]"
+      },
       {
         "field": "Microsoft.Network/virtualNetworks/subnets/routeTable.id",
         "exists": "false"
@@ -47,6 +51,16 @@ POLICYRULE
       "Disabled"
     ],
     "defaultValue": "Deny"
+  },
+  "excludedSubnets": {
+    "type": "Array",
+    "metadata": {
+      "displayName": "Excluded Subnets",
+      "description": "Array of subnet names that are excluded from this policy"
+    },
+    "defaultValue": [
+      "AzureBastionSubnet"
+    ]
   }
 }
 PARAMETERS