jtracey93 · jtracey93 · Oct 25, 2022 · Oct 12, 2022 · Oct 13, 2022 · Oct 20, 2022
diff --git a/.github/workflows/gh-ado-sync.yml b/.github/workflows/gh-ado-sync.yml
@@ -1,13 +1,10 @@
-name: Sync Issues with Azure DevOps Work Items
+name: Sync Issues to Azure DevOps Work Items
 
 on:
-  schedule:
-    - cron: '*/15 * * * *'
   issues:
     types: [opened, closed, deleted, reopened, edited, labeled, unlabeled, assigned, unassigned]
   issue_comment:
     types: [created]
-  workflow_dispatch: {}
 
 jobs:
   alert:
@@ -22,10 +19,9 @@ jobs:
           fetch-depth: 0
 
       - name: GitHub/ADO Sync
-        uses: a11smiles/GitSync@main
+        uses: a11smiles/GitSync@v1.1.4
         env:
           ado_token: '${{ secrets.ADO_PERSONAL_ACCESS_TOKEN }}'
-          github_token: '${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}'
           config_file: './.github/actions-config/gh-ado-sync-config.json'
         with:
           ado: ${{ secrets.ADO_MAPPINGS_HANDLES }}
diff --git a/.github/workflows/test-portal.yml b/.github/workflows/test-portal.yml
@@ -9,10 +9,10 @@ name: Test Portal Experience
 on:
   pull_request_target:
     types:
-      - edited
       - opened
       - reopened
       - synchronize
+      - ready_for_review
     paths:
       - "eslzArm/**.json"
       - "src/**.json"

diff --git a/.github/workflows/update-portal.yml b/.github/workflows/update-portal.yml
@@ -9,10 +9,10 @@ name: Update Portal Experience
 on:
   pull_request_target:
     types:
-      - edited
       - opened
       - reopened
       - synchronize
+      - ready_for_review
 
 env:
   github_user_name: 'github-actions'
@@ -87,7 +87,7 @@ jobs:
 
               echo "==> Push changes..."
               echo "Pushing changes to: $github_pr_repo"
-              git push "https://[email protected]/$github_pr_repo.git"
+              git push "https://[email protected]/$github_pr_repo.git" "HEAD:$GITHUB_HEAD_REF"
 
           else
               echo "No changes found."

diff --git a/.github/workflows/wiki-sync.yml b/.github/workflows/wiki-sync.yml
@@ -52,7 +52,7 @@ jobs:
         run: |
           mapfile -t CHECK_GIT_STATUS < <(git status -s)
           printf "%s\n" "${CHECK_GIT_STATUS[@]}"
-          echo "::set-output name=changes::${#CHECK_GIT_STATUS[@]}"
+          echo "changes=${#CHECK_GIT_STATUS[@]}" >> $GITHUB_OUTPUT
         working-directory: ${{ env.wiki_target_repo }}
 
       - name: Add files, commit and push into Wiki

diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
@@ -56,6 +56,18 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 
 - Release [`v2.4.1`](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/releases/tag/v2.4.1) of the Azure landing zones Terraform module adds a new diagnostic category for Azure Firewall, as reported in issue [#1063](https://github.com/Azure/Enterprise-Scale/issues/1063)
 - Update the Azure landing zone portal accelerator to use Resource Graph with a generic drop down UI element to improve user experience for subscription selection.
+- Update the Azure landing zone portal accelerator to have more unique naming for deployment names in same tenant, using `utcNow()` function in `deploymentSuffix` variable - fixes [#1077](https://github.com/Azure/Enterprise-Scale/issues/1077)
+- Update the Azure landing zone portal accelerator to have more unique naming for vNet names - fixes [#881](https://github.com/Azure/Enterprise-Scale/issues/881)
+  - vNet naming pattern changed:
+    - **From:**
+      - Identity vNet: `<Subscription ID>-<Root ID Prefix>-vnet-<Region Short Name>`
+      - Corp vNets: `<Subscription ID>-<Root ID Prefix>-vnet-<Region Short Name>`
+    - **To:**
+      - Identity vNet: `<Root ID Prefix>-vnet-<Region Short Name>-<Subscription ID>` (then trimmed to 64 characters, using `take()` function, starting at front - so Subscription ID will get trimmed)
+      - Corp vNets: `<Root ID Prefix>-vnet-<Region Short Name>-<Subscription ID>` (then trimmed to 64 characters, using `take()` function, starting at front - so Subscription ID will get trimmed)
+  - **⚠️This is a breaking change, only if you attempt to redeploy the Azure landing zone portal accelerator over the top of an existing Azure landing zone portal accelerator deployment that was deployed prior to 12/10/2022 (12th October 2022)⚠️**
+    - The outcome if you do this will be that new vNets will be created based on what you input into the Azure landing zone portal accelerator form when you fill it out. Even if you input exactly the same inputs and details as the first time you deployed it.
+      - However, this is a very uncommon action and if you are impacted [please raise an issue](https://github.com/Azure/Enterprise-Scale/issues) on the repo and we can assist further
 
 ### Policy
 

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
@@ -653,6 +653,13 @@
             "metadata": {
                 "description": "Configure the count of empty deployments used to introduce a delay after policy deployment. Used to increase reliability of deployment, but can be reduced when re-deploying to an existing environment."
             }
+        },
+        "currentDateTimeUtcNow": {
+            "type": "string",
+            "defaultValue": "[utcNow()]",
+            "metadata": {
+                "description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
+            }
         }
     },
     "variables": {
@@ -731,7 +738,7 @@
             "govMdfcPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/gov/fairfaxDINE-MDFCConfigPolicyAssignment.json')]"
         },
         // Declaring deterministic deployment names
-        "deploymentSuffix": "[concat('-', deployment().location, '-', guid(parameters('enterpriseScaleCompanyPrefix')))]",
+        "deploymentSuffix": "[concat('-', deployment().location, '-', guid(parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow')))]",
         "deploymentNames": {
             "mgmtGroupDeploymentName": "[take(concat('alz-Mgs', variables('deploymentSuffix')), 64)]",
             "mgmtSubscriptionPlacement": "[take(concat('alz-MgmtSub', variables('deploymentSuffix')), 64)]",
@@ -790,7 +797,7 @@
             "identityPeeringDeploymentName": "[take(concat('alz-IDPeering', variables('deploymentSuffix')), 64)]",
             "identityVwanPeeringDeploymentName": "[take(concat('alz-IDVwanPeering', variables('deploymentSuffix')), 64)]",
             "corpConnectedLzVwanSubs": "[take(concat('alz-CorpConnLzsVwan', variables('deploymentSuffix')), 50)]",
-            "pidCuaDeploymentName": "[take(concat('pid-', variables('cuaid'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'))), 64)]"
+            "pidCuaDeploymentName": "[take(concat('pid-', variables('cuaid'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow'))), 64)]"
         },
         "esLiteDeploymentNames": {
             "mgmtGroupLiteDeploymentName": "[take(concat('alz-MgsLite', variables('deploymentSuffix')), 64)]",
@@ -2721,7 +2728,7 @@
                         "value": "[variables('platformRgNames').identityVnetRg]"
                     },
                     "vNetName": {
-                        "value": "[concat(parameters('identitySubscriptionId'), variables('platformResourceNames').identityVnet)]"
+                        "value": "[take(concat(variables('platformResourceNames').identityVnet, '-', uniqueString(parameters('identitySubscriptionId'))), 64)]"
                     },
                     "vNetLocation": {
                         "value": "[parameters('connectivityLocation')]"
@@ -2768,7 +2775,7 @@
                         "value": "[variables('platformRgNames').identityVnetRg]"
                     },
                     "vNetName": {
-                        "value": "[concat(parameters('identitySubscriptionId'), variables('platformResourceNames').identityVnet)]"
+                        "value": "[take(concat(variables('platformResourceNames').identityVnet, '-', uniqueString(parameters('identitySubscriptionId'))), 64)]"
                     },
                     "vNetLocation": {
                         "value": "[parameters('connectivityLocation')]"
@@ -2931,7 +2938,7 @@
                         "value": "[variables('platformRgNames').lzVnetRg]"
                     },
                     "vNetName": {
-                        "value": "[concat(parameters('corpConnectedLzSubscriptionId')[copyIndex()].subs, '-', variables('platformResourceNames').lzVnet)]"
+                        "value": "[take(concat(variables('platformResourceNames').lzVnet, '-', parameters('corpConnectedLzSubscriptionId')[copyIndex()].subs), 64)]"
                     },
                     "vNetLocation": {
                         "value": "[parameters('connectivityLocation')]"
@@ -2988,7 +2995,7 @@
                         "value": "[variables('platformRgNames').lzVnetRg]"
                     },
                     "vNetName": {
-                        "value": "[concat(parameters('corpConnectedLzSubscriptionId')[copyIndex()].subs, '-', variables('platformResourceNames').lzVnet)]"
+                        "value": "[take(concat(variables('platformResourceNames').lzVnet, '-', parameters('corpConnectedLzSubscriptionId')[copyIndex()].subs), 64)]"
                     },
                     "vNetLocation": {
                         "value": "[parameters('connectivityLocation')]"

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.10.61.36676",
-      "templateHash": "12718734228119532752"
+      "version": "0.11.1.770",
+      "templateHash": "12625835499431513826"
     }
   },
   "parameters": {

diff --git a/src/Alz.Tools/Alz.Classes/Alz.Classes.psm1 b/src/Alz.Tools/Alz.Classes/Alz.Classes.psm1
@@ -477,6 +477,7 @@ class ArmTemplateResource : ALZBase {
                 $policyDefinitionId = switch ($ExportFormat) {
                     "ArmResource" { "/providers/Microsoft.Management/managementGroups/contoso$($regexMatches.Value)" }
                     "ArmVariable" { "[concat(variables('scope'), '$($regexMatches.Value)')]" }
+                    "Bicep" { "`${varTargetManagementGroupResourceId}$($regexMatches.Value)" }
                     "Raw" { "$($policyDefinition.policyDefinitionId)" }
                     "Jinja2" { "$([ArmTemplateResource]::ConvertToTemplateVariable("root_scope_resource_id", $ExportFormat))$($regexMatches.Value)" }
                     "Terraform" { "$([ArmTemplateResource]::ConvertToTemplateVariable("root_scope_resource_id", $ExportFormat))$($regexMatches.Value)" }

diff --git a/src/Alz.Tools/Alz.Enums/Alz.Enums.psm1 b/src/Alz.Tools/Alz.Enums/Alz.Enums.psm1
@@ -44,4 +44,5 @@ enum ExportFormat {
     Raw
     Jinja2
     Terraform
+    Bicep
 }
diff --git a/src/Alz.Tools/functions/Alz.Tools.ps1 b/src/Alz.Tools/functions/Alz.Tools.ps1
@@ -37,6 +37,19 @@ param ()
     "Microsoft.Management/managementGroups/subscriptions"
 )
 
+[String[]]$removePolicyEscapingByFormat = @(
+    "Terraform"
+    "Bicep"
+)
+
+[String[]]$removePolicySetEscapingByFormat = @(
+    "Terraform"
+)
+
+[String[]]$removeResourceEscapingByFormat = @(
+    "Terraform"
+)
+
 ################################
 # Functions used within module #
 ################################
@@ -146,21 +159,21 @@ function GetObjectByResourceTypeFromJson {
     elseif ($regex_schema_managementGroupDeploymentTemplate.IsMatch($objectFromJson."`$schema")) {
         foreach ($policyDefinition in $objectFromJson.variables.policies.policyDefinitions) {
             ProcessObjectByResourceType `
-                -ResourceObject ($ExportFormat -eq "Terraform" ? (Remove-Escaping -InputObject $policyDefinition) : $policyDefinition) `
+                -ResourceObject ($ExportFormat -in $removePolicyEscapingByFormat ? (Remove-Escaping -InputObject $policyDefinition) : $policyDefinition) `
                 -ResourceType ("Microsoft.Authorization/policyDefinitions")
         }
         foreach ($policySetDefinition in $objectFromJson.variables.initiatives.policySetDefinitions) {
             ProcessObjectByResourceType `
-                -ResourceObject ($ExportFormat -eq "Terraform" ? (Remove-Escaping -InputObject $policySetDefinition) : $policySetDefinition) `
+                -ResourceObject ($ExportFormat -in $removePolicySetEscapingByFormat ? (Remove-Escaping -InputObject $policySetDefinition) : $policySetDefinition) `
                 -ResourceType ("Microsoft.Authorization/policySetDefinitions")
         }
         foreach (
-            $policySetDefinition in $objectFromJson.resources |
+            $policyDefinition in $objectFromJson.resources |
             Where-Object { $_.type -eq "Microsoft.Authorization/policyDefinitions" } |
             Where-Object { $_.name -ne "[variables('policies').policyDefinitions[copyIndex()].name]" }
         ) {
             ProcessObjectByResourceType `
-                -ResourceObject ($ExportFormat -eq "Terraform" ? (Remove-Escaping -InputObject $policySetDefinition) : $policySetDefinition) `
+                -ResourceObject ($ExportFormat -in $removePolicyEscapingByFormat ? (Remove-Escaping -InputObject $policyDefinition) : $policyDefinition) `
                 -ResourceType ("Microsoft.Authorization/policyDefinitions")
         }
         foreach (
@@ -169,14 +182,26 @@ function GetObjectByResourceTypeFromJson {
             Where-Object { $_.name -ne "[variables('initiatives').policySetDefinitions[copyIndex()].name]" }
         ) {
             ProcessObjectByResourceType `
-                -ResourceObject ($ExportFormat -eq "Terraform" ? (Remove-Escaping -InputObject $policySetDefinition) : $policySetDefinition) `
+                -ResourceObject ($ExportFormat -in $removePolicySetEscapingByFormat ? (Remove-Escaping -InputObject $policySetDefinition) : $policySetDefinition) `
                 -ResourceType ("Microsoft.Authorization/policySetDefinitions")
         }
     }
-    # The following elseif block handles resource files stored in ARM template format
+    # The following elseif block handles all policy definitions stored in ARM template format
+    elseif ($objectFromJson.type -eq "Microsoft.Authorization/policyDefinitions") {
+        ProcessObjectByResourceType `
+            -ResourceObject ($ExportFormat -in $removePolicyEscapingByFormat ? (Remove-Escaping -InputObject $objectFromJson) : $objectFromJson) `
+            -ResourceType $objectFromJson.type
+    }
+    # The following elseif block handles all policy set definitions stored in ARM template format
+    elseif ($objectFromJson.type -eq "Microsoft.Authorization/policySetDefinitions") {
+        ProcessObjectByResourceType `
+            -ResourceObject ($ExportFormat -in $removePolicySetEscapingByFormat ? (Remove-Escaping -InputObject $objectFromJson) : $objectFromJson) `
+            -ResourceType $objectFromJson.type
+    }
+    # The following elseif block handles all other allowed resource types stored in ARM template format
     elseif ($objectFromJson.type -in $allowedResourceTypes) {
         ProcessObjectByResourceType `
-            -ResourceObject ($ExportFormat -eq "Terraform" ? (Remove-Escaping -InputObject $objectFromJson) : $objectFromJson) `
+            -ResourceObject ($ExportFormat -in $removeResourceEscapingByFormat ? (Remove-Escaping -InputObject $objectFromJson) : $objectFromJson) `
             -ResourceType $objectFromJson.type
     }
     # The following block handles processing generic files where the source content is unknown
@@ -239,7 +264,7 @@ function Edit-LineEndings {
 
     Process {
 
-        [String[]]$outputText = $InputText |
+        [String[]]$outputText += $InputText |
         ForEach-Object { $_ -replace "`r`n", "`n" } |
         ForEach-Object { $_ -replace "`r", "`n" } |
         ForEach-Object { $_ -replace "`n", "$eol" }
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,4 +44,5 @@ enum ExportFormat { @@
         Raw
         Jinja2
         Terraform
+        Bicep
     }