feat(alz): add policy assignment defaults to maintain compatibility with previous module

.github/scripts/CreatePrivateDnsZoneDefaultFiles.ps1

@@ -0,0 +1,104 @@
+$privateDnsZoneIds = @(
+    "azureManagedGrafanaWorkspacePrivateDnsZoneId",
+    "azureArcKubernetesConfigurationPrivateDnsZoneId",
+    "azureArcHybridResourceProviderPrivateDnsZoneId",
+    "azureArcGuestconfigurationPrivateDnsZoneId",
+    "azureAppPrivateDnsZoneId",
+    "azureAppServicesPrivateDnsZoneId",
+    "azureAsrPrivateDnsZoneId",
+    "azureAutomationDSCHybridPrivateDnsZoneId",
+    "azureAutomationWebhookPrivateDnsZoneId",
+    "azureBatchPrivateDnsZoneId",
+    "azureCognitiveSearchPrivateDnsZoneId",
+    "azureCognitiveServicesPrivateDnsZoneId",
+    "azureCosmosCassandraPrivateDnsZoneId",
+    "azureCosmosGremlinPrivateDnsZoneId",
+    "azureCosmosMongoPrivateDnsZoneId",
+    "azureCosmosSQLPrivateDnsZoneId",
+    "azureCosmosTablePrivateDnsZoneId",
+    "azureDataFactoryPortalPrivateDnsZoneId",
+    "azureDataFactoryPrivateDnsZoneId",
+    "azureDiskAccessPrivateDnsZoneId",
+    "azureEventGridDomainsPrivateDnsZoneId",
+    "azureEventGridTopicsPrivateDnsZoneId",
+    "azureEventHubNamespacePrivateDnsZoneId",
+    "azureFilePrivateDnsZoneId",
+    "azureHDInsightPrivateDnsZoneId",
+    "azureIotHubsPrivateDnsZoneId",
+    "azureIotPrivateDnsZoneId",
+    "azureKeyVaultPrivateDnsZoneId",
+    "azureMachineLearningWorkspacePrivateDnsZoneId",
+    "azureMediaServicesKeyPrivateDnsZoneId",
+    "azureMediaServicesLivePrivateDnsZoneId",
+    "azureMediaServicesStreamPrivateDnsZoneId",
+    "azureMigratePrivateDnsZoneId",
+    "azureMonitorPrivateDnsZoneId1",
+    "azureMonitorPrivateDnsZoneId2",
+    "azureMonitorPrivateDnsZoneId3",
+    "azureMonitorPrivateDnsZoneId4",
+    "azureMonitorPrivateDnsZoneId5",
+    "azureRedisCachePrivateDnsZoneId",
+    "azureServiceBusNamespacePrivateDnsZoneId",
+    "azureSignalRPrivateDnsZoneId",
+    "azureStorageBlobPrivateDnsZoneId",
+    "azureStorageBlobSecPrivateDnsZoneId",
+    "azureStorageDFSPrivateDnsZoneId",
+    "azureStorageDFSSecPrivateDnsZoneId",
+    "azureStorageFilePrivateDnsZoneId",
+    "azureStorageQueuePrivateDnsZoneId",
+    "azureStorageQueueSecPrivateDnsZoneId",
+    "azureStorageStaticWebPrivateDnsZoneId",
+    "azureStorageStaticWebSecPrivateDnsZoneId",
+    "azureSynapseDevPrivateDnsZoneId",
+    "azureSynapseSQLODPrivateDnsZoneId",
+    "azureSynapseSQLPrivateDnsZoneId",
+    "azureWebPrivateDnsZoneId",
+    "azureVirtualDesktopHostpoolPrivateDnsZoneId",
+    "azureVirtualDesktopWorkspacePrivateDnsZoneId",
+    "azureSiteRecoveryBlobPrivateDnsZoneID",
+    "azureSiteRecoveryQueuePrivateDnsZoneID"
+)
+
+
+$path = "C:\Users\jaredholgate\Code\Azure-Landing-Zones-Library\platform\alz\policy_assignment_default_values"
+
+foreach($privateDnsZoneId in $privateDnsZoneIds) {
+    $camelCase = ""
+    $wasPreviousUpperI = $false
+
+    foreach($character in $privateDnsZoneId.ToCharArray()) {
+        if([System.Char]::IsUpper($character)) {
+            if(!$wasPreviousUpper) {
+                $camelCase += "_"
+            }
+
+            $wasPreviousUpper = $true
+        } else {
+            $wasPreviousUpper = $false
+        }
+        $camelCase += $character.ToString().ToLower()
+    }
+
+    $camelCase = $camelCase.Replace("sql", "_sql_").Replace("dfs", "_dfs_").Replace("dsc", "_dsc_").Replace("signal_r", "_signal_r_").Replace("private_dns_zone_id", "_private_dns_zone_id_").Replace("___", "_").Replace("__", "_").Trim("_")
+    $finalName = $camelCase.Replace("_private_dns_zone_id", "").Replace("azure_", "").Trim("_")
+    $finalName = "private_dns_zone_$finalName"
+
+    $jsonObject = @{
+        "name" = $finalName
+        "policy_assignments" = @(
+            @{
+                "policy_assignment_name" = "Deploy-Private-DNS-Zones"
+                "parameter_names" = @(
+                    $privateDnsZoneId
+                )
+            }
+        )
+
+    } | ConvertTo-Json -Depth 10
+
+    Write-Host $jsonObject
+
+
+
+    $jsonObject | Out-File "$path\$finalName.alz_policy_default_value.json"
+}

.github/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1

@@ -102,6 +102,7 @@ $parameters = @{
         userAssignedIdentityResourceId           = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/placeholder/providers/Microsoft.ManagedIdentity/userAssignedIdentities/placeholder"
         dcrResourceId                            = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/placeholder/providers/Microsoft.Insights/dataCollectionRules/placeholder"
         dataCollectionRuleResourceId             = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/placeholder/providers/Microsoft.Insights/dataCollectionRules/placeholder"
+        resourceType                             = "Microsoft.ManagedIdentity/userAssignedIdentities"
     }
     overrides = @{
         sql_data_collection_rule_overrides             = @{

platform/alz/policy_assignment_default_values/ama_user_assigned_managed_identity_id.alz_policy_default_value.json

@@ -0,0 +1,23 @@
+{
+  "name": "ama_user_assigned_managed_identity_id",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-VM-ChangeTrack",
+      "parameter_names": [
+        "userAssignedIdentityResourceId"
+      ]
+    },
+    {
+      "policy_assignment_name": "Deploy-vmArc-ChangeTrack",
+      "parameter_names": [
+        "userAssignedIdentityResourceId"
+      ]
+    },
+    {
+      "policy_assignment_name": "Deploy-VMSS-ChangeTrack",
+      "parameter_names": [
+        "userAssignedIdentityResourceId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/ama_user_assigned_managed_identity_name.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "ama_user_assigned_managed_identity_name",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "DenyAction-DeleteUAMIAMA",
+      "parameter_names": [
+        "resourceName"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/ama_vm_change_tracking_data_collection_rule_id.alz_policy_default_value .json

@@ -0,0 +1,11 @@
+{
+  "name": "ama_vm_change_tracking_data_collection_rule_id",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-VM-ChangeTrack",
+      "parameter_names": [
+        "dcrResourceId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/ama_vmarc_change_tracking_data_collection_rule_id.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "ama_vmarc_change_tracking_data_collection_rule_id",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-vmArc-ChangeTrack",
+      "parameter_names": [
+        "dcrResourceId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/ama_vmss_change_tracking_data_collection_rule_id.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "ama_vmss_change_tracking_data_collection_rule_id",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-VMSS-ChangeTrack",
+      "parameter_names": [
+        "dcrResourceId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/automation_account_location.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "automation_account_location",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Log-Analytics",
+      "parameter_names": [
+        "automationRegion"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/automation_account_name.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "automation_account_name",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Log-Analytics",
+      "parameter_names": [
+        "automationAccountName"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/ddos_protection_plan_id.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "ddos_protection_plan_id",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Enable-DDoS-VNET",
+      "parameter_names": [
+        "ddosPlan"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/log_analytics_workspace_id.alz_policy_default_value.json

@@ -0,0 +1,41 @@
+{
+  "name": "log_analytics_workspace_id",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-AzActivity-Log",
+      "parameter_names": [
+        "logAnalytics"
+      ]
+    },
+    {
+      "policy_assignment_name": "Deploy-AzSqlDb-Auditing",
+      "parameter_names": [
+        "logAnalyticsWorkspaceId"
+      ]
+    },
+    {
+      "policy_assignment_name": "Deploy-Diag-Logs",
+      "parameter_names": [
+        "logAnalytics"
+      ]
+    },
+    {
+      "policy_assignment_name": "Deploy-MDFC-Config-H224",
+      "parameter_names": [
+        "logAnalytics"
+      ]
+    },
+    {
+      "policy_assignment_name": "Deploy-MDFC-Config",
+      "parameter_names": [
+        "logAnalytics"
+      ]
+    },
+    {
+      "policy_assignment_name": "Deploy-MDFC-DefSQL-AMA",
+      "parameter_names": [
+        "userWorkspaceResourceId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/log_analytics_workspace_location.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "log_analytics_workspace_location",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Log-Analytics",
+      "parameter_names": [
+        "workspaceRegion"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/log_analytics_workspace_name.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "log_analytics_workspace_name",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Log-Analytics",
+      "parameter_names": [
+        "workspaceName"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/log_analytics_workspace_resource_group_name.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "log_analytics_workspace_resource_group_name",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Log-Analytics",
+      "parameter_names": [
+        "rgName"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/log_analytics_workspace_retention_in_days.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "log_analytics_workspace_retention_in_days",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Log-Analytics",
+      "parameter_names": [
+        "dataRetention"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/log_analytics_workspace_sku.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "log_analytics_workspace_sku",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Log-Analytics",
+      "parameter_names": [
+        "sku"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/private_dns_zone_app.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "private_dns_zone_app",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Private-DNS-Zones",
+      "parameter_names": [
+        "azureAppPrivateDnsZoneId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/private_dns_zone_app_services.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "private_dns_zone_app_services",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Private-DNS-Zones",
+      "parameter_names": [
+        "azureAppServicesPrivateDnsZoneId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/private_dns_zone_arc_guestconfiguration.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "private_dns_zone_arc_guestconfiguration",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Private-DNS-Zones",
+      "parameter_names": [
+        "azureArcGuestconfigurationPrivateDnsZoneId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/private_dns_zone_arc_hybrid_resource_provider.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "private_dns_zone_arc_hybrid_resource_provider",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Private-DNS-Zones",
+      "parameter_names": [
+        "azureArcHybridResourceProviderPrivateDnsZoneId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/private_dns_zone_arc_kubernetes_configuration.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "private_dns_zone_arc_kubernetes_configuration",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Private-DNS-Zones",
+      "parameter_names": [
+        "azureArcKubernetesConfigurationPrivateDnsZoneId"
+      ]
+    }
+  ]
+}

platform/alz/policy_assignment_default_values/private_dns_zone_asr.alz_policy_default_value.json

@@ -0,0 +1,11 @@
+{
+  "name": "private_dns_zone_asr",
+  "policy_assignments": [
+    {
+      "policy_assignment_name": "Deploy-Private-DNS-Zones",
+      "parameter_names": [
+        "azureAsrPrivateDnsZoneId"
+      ]
+    }
+  ]
+}