Releases: Azure/enterprise-azure-policy-as-code

Simplified global-settings.jsonc, improved documentation scripts and multi-tenant handling

28 Jun 14:37
4b8c5c6
  • Simplified global-settings.jsonc: breaking changes
    • Simplified the layout by removing the documentation specifications (representativeAssignments and initiativeSetsToCompare) from global-settings.jsonc and moving to a folder (see below)
    • Changed managedIdentityLocation to managedIdentityLocations (plural)
  • Improved and consolidated automated generation of documentation
    • Folder Definitions/DocumentationSpecs contains the instructions on what to generate (moved with substantial format changes from global-settings.jsonc)
    • Single script to generate documentation: Scripts\Operations\Build-PolicyAssignmentDocumentation.ps1
    • Removed scripts Get-AzEffectsForEnvironments.ps1 and Get-AzEffectsForInitiative.ps1, replaced by Build-PolicyAssignmentDocumentation.ps1
  • Improved multi-tenant and cloud selection support, prompts for re-authentication in interactive mode
    • Detects when the wrong cloud is selected (additional field in pacEnvironments in global-settings.jsonc)
    • Detects when logged into the wrong tenant
    • Detects when the default subscription is wrong (switches to the correct one)
  • Bug fixes
    • Solution had a latent scope bug when retrieving Policy and Initiative definitions from Management Groups if the default subscription was not in the right hierarchy.
    • Improved error handling

Pipeline simplification and automated roleDefinitionIds

04 May 21:22
6fae684
  • roleDefinitionIds are now calculated based on the Initiative and Policies being assigned instead of an explicit definition in the assignment file's definitionEntry. The system will display a warning that you can remove the explicit roleDefinitionIds.
  • Improved default folders and file names. The folder defaults use the environment/pipeline variables PAC_DEFINITIONS_FOLDER, PAC_OUTPUT_FOLDER, and PAC_INPUT_FOLDER. The code reduces the number of parameters needed for the scripts and therefore simplifies the pipeline definition. This change is non-breaking since the old parameters still work and override the defaults.
  • Simplified the starter four (4) pipelines to one (1) pipeline.yml.
    • Variable isBrownfield: false replaces the separate pipelines for brownfield
    • Simple pipelines no longer exist; the new pipeline always uses a separate stage for Role Assignments.
    • Pipeline is written for three (3) tenants; if you have fewer tenants delete the extra stages. Do not change the stage names, only modify the displayNames.
    • Pipeline has publish-artifact steps for either Azure DevOps Server (on-prem, currently commented out) or Azure DevOps Service (SaaS, currently active in the starter pipeline).

v2.4

15 Apr 02:00
4bcfdb1

What's Changed

  • child management groups (if any), are part of the exemptions by @wetwicky in #43

New Contributors

Full Changelog: v2.3.3...v2.4

Import PolicyDefinitionGroups and Repo Sync simplification.

06 Apr 21:32
d84b13f
  • Import PolicyDefinitionGroups from built-in Initiatives to custom Policy. This eliminates the need for copy/paste. Solution will only import groups referenced in PolicyDefinitions.
  • Synchronizing of your working repo with the GitHub original to:
    • Update your working repo with the latest changes from the original without destroying your work
    • Contribute changes (fixes) from your working repo back to the project without contributing your definitions or pipeline changes and associated sensitive information, such as tenant IDs, management groups, subscriptions, etc.
    • Documented approach in README.md
    • Created a script to sync the two directories without overriding your changes or publishing your stuff
  • Minor cleanups

Reorg of folders and Initiative merge

24 Mar 01:52
b15ed99

First numbered release. For details see RELEASE_NOTES.md