Merge pull request #287 from Azure/enhancement256
Bugfix 285 and Feature 256 Complete
jeremiahhoward authored Jul 15, 2023
2 parents e00ac72 + 686a5dc commit d87eead
Showing 107 changed files with 1,855 additions and 1,896 deletions.
8 changes: 4 additions & 4 deletions Docs/breaking-changes.md
Expand Up @@ -9,7 +9,7 @@ Introducing a new approach using PowerShell Module. This not (actually) breaking
The move from synchronizing your repo with the GitHub repo to a PowerShell module necessitated the reworking of the default values for `Definitions`, `Output`, and `Input` folders. Many scripts use parameters for definitions, input and output folders. They default to the current directory, which should be the root of the repo. make sure that the current directory is the root of your repo. We recommend that you do one of the following approaches instead of accepting the default:

- Set the environment variables `PAC_DEFINITIONS_FOLDER`, `PAC_OUTPUT_FOLDER`, and `PAC_INPUT_FOLDER`.
- Use the script parameters `-definitionsRootFolder`, `-outputFolder`, and `-inputFolder` (They vary by script).
- Use the script parameters `-DefinitionsRootFolder`, `-OutputFolder`, and `-InputFolder` (They vary by script).

## Breaking changes in v6.0

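Review bot: the parenthetical "(They vary by script)" in the new bullet starts with a capital inside the parentheses; make it "(they vary by script)" or a separate sentence. Also, because PowerShell binds parameter names case-insensitively, the rename from `-definitionsRootFolder` to `-DefinitionsRootFolder` changes nothing for existing callers; say so in this bullet so readers of a breaking-changes page do not conclude that their scripts must be updated.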
Expand All @@ -26,7 +26,7 @@ To increase execution speed and pipeline uniformity:

Change pipeline definition:

- Change usage of task: `AzureCLI@2` to task: `AzurePowerShell@5`. Use `-devOpsType "ado"` for Azure DevOps or `-devOpsType "gitlab"` for Gitlab pipelines.
- Change usage of task: `AzureCLI@2` to task: `AzurePowerShell@5`. Use `-DevOpsType "ado"` for Azure DevOps or `-DevOpsType "gitlab"` for Gitlab pipelines.

```yaml
- task: AzurePowerShell@5
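Review bot: "Gitlab" in the changed bullet should be spelled "GitLab", the product's own capitalisation; the `-DevOpsType "gitlab"` value itself is a code identifier and stays as written.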
Expand All @@ -38,8 +38,8 @@ Change pipeline definition:
azurePowerShellVersion: LatestVersion
ScriptPath: "Scripts/Deploy/Build-DeploymentPlans.ps1"
ScriptArguments:
-pacEnvironmentSelector $(pacEnvironmentSelector) `
-devOpsType "ado" `
-PacEnvironmentSelector $(pacEnvironmentSelector) `
-DevOpsType "ado" `
-InformationAction Continue
```

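Review bot: the snippet keeps the pipeline variable `$(pacEnvironmentSelector)` in camelCase while the script parameter becomes `-PacEnvironmentSelector`. That is correct, since the variable name is defined by the pipeline rather than by the script, but a short comment in the YAML (or a sentence after it) would stop readers from "fixing" the variable reference to match the parameter name.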
14 changes: 7 additions & 7 deletions Docs/ci-cd-pipeline.md
Expand Up @@ -182,9 +182,9 @@ While this script intended to be used, they can be run manually to create a semi

|Parameter | Explanation |
|----------|-------------|
| `pacEnvironmentSelector` | Selects the EPAC environment for this plan. If omitted, interactively prompts for the value. |
| `definitionsRootFolder` | Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER` or `./Definitions`. It must contain file `global-settings.jsonc`. |
| `interactive` | Defaults to `$false`. |
| `PacEnvironmentSelector` | Selects the EPAC environment for this plan. If omitted, interactively prompts for the value. |
| `DefinitionsRootFolder` | Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER` or `./Definitions`. It must contain file `global-settings.jsonc`. |
| `Interactive` | Defaults to `$false`. |

### Build-DeploymentPlans.ps1

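Review bot: the `Interactive` row says only "Defaults to `$false`" and never states what the switch does; the extract-script table in this same PR describes it as allowing an az login prompt, so give the common-parameter table the same one-line explanation. The hunk's context sentence "While this script intended to be used, they can be run manually" also has a subject/verb mismatch worth fixing while the file is open.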
Expand All @@ -194,24 +194,24 @@ In addition to the [common parameters](#common-script-parameters), these paramet

|Parameter | Explanation |
|----------|-------------|
| `outputFolder` | Output folder path for plan files. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER` or `./Output`. |
| `devOpsType` | If set, outputs variables consumable by conditions in a DevOps pipeline. Default: not set. |
| `OutputFolder` | Output folder path for plan files. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER` or `./Output`. |
| `DevOpsType` | If set, outputs variables consumable by conditions in a DevOps pipeline. Default: not set. |

### Deploy-PolicyPlan.ps1

Deploys Policies, Policy Sets, Policy Assignments, and Policy Exemptions at their desired scope based on the plan.

|Parameter | Explanation |
|----------|-------------|
| `inputFolder` | Input folder path for plan files. Defaults to environment variable `$env:PAC_INPUT_FOLDER`, `$env:PAC_OUTPUT_FOLDER` or `./Output`. |
| `InputFolder` | Input folder path for plan files. Defaults to environment variable `$env:PAC_INPUT_FOLDER`, `$env:PAC_OUTPUT_FOLDER` or `./Output`. |

### Deploy-RolesPlan.ps1

Creates the role assignments for the Managed Identities required for `DeployIfNotExists` and `Modify` Policies.

|Parameter | Explanation |
|----------|-------------|
| `inputFolder` | Input folder path for plan files. Defaults to environment variable `$env:PAC_INPUT_FOLDER`, `$env:PAC_OUTPUT_FOLDER` or `./Output`. |
| `InputFolder` | Input folder path for plan files. Defaults to environment variable `$env:PAC_INPUT_FOLDER`, `$env:PAC_OUTPUT_FOLDER` or `./Output`. |

## Consuming Excel Files

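Review bot: the `DevOpsType` row describes the effect but not the accepted values; Docs/breaking-changes.md in this same PR documents `-DevOpsType "ado"` and `-DevOpsType "gitlab"`, so list those two values here and say the parameter is omitted for local runs. The `OutputFolder` default is given as `./Output` here; make sure the other pages in this PR agree.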
8 changes: 4 additions & 4 deletions Docs/clone-github.md
Expand Up @@ -44,9 +44,9 @@ The repo contains a script to synchronize directories in both directions: `Sync-

|Parameter | Required | Explanation |
|----------|----------|-------------|
| `sourceDirectory` | Required | Directory with the source (forked repo) |
| `destinationDirectory` | Required | Directory with the destination (your private repo) |
| `suppressDeleteFiles` | Optional | Switch parameter to suppress deleting files in `$destinationDirectory` tree |
| `SourceDirectory` | Required | Directory with the source (forked repo) |
| `DestinationDirectory` | Required | Directory with the destination (your private repo) |
| `SuppressDeleteFiles` | Optional | Switch parameter to suppress deleting files in `$destinationDirectory` tree |

## Process for Development (Maintainers Only)

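Review bot: the `SuppressDeleteFiles` row still refers to `$destinationDirectory` after the parameter in the row above was renamed to `DestinationDirectory`; change it to `$DestinationDirectory` so the table is consistent. It works either way, since PowerShell variable names are case-insensitive, but the mismatch reads as a leftover from the rename.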
Expand Down Expand Up @@ -78,4 +78,4 @@ The repo contains a script to synchronize directories in both directions: `Sync-
* validate the changes for conflicts
* PR `enterprise-policy-as-code` branch created above to the main branch
* Create a [release in GitHub `enterprise-policy-as-code` repo](module-release-process.md)
* Delete the branch in `enterprise-policy-as-code` repo
* Delete the branch in `enterprise-policy-as-code` repo
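Review bot: the removed and added "Delete the branch" lines are identical in the rendered view, so this hunk is presumably a trailing-newline or whitespace change at end of file; confirm it is not a line-ending (CRLF/LF) change, which would show up as a whole-file diff for contributors on other platforms. While here, the list items mix capitalisation ("validate" versus "PR", "Create", "Delete").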
6 changes: 3 additions & 3 deletions Docs/definitions-and-global-settings.md
Expand Up @@ -15,10 +15,10 @@ This `Definitions` folder and subfolders contains all your definitions. The `Syn

`global-settings.jsonc` has following sections explained below:

- `pacOwnerId` uniquely identifies deployments from a specific repo. We recommend using a GUID.
- `pacEnvironments` defines the EPAC environments.
- `PacOwnerId` uniquely identifies deployments from a specific repo. We recommend using a GUID.
- `PacEnvironments` defines the EPAC environments.
- `managedIdentityLocations` is used in Policy Assignments as the location of the created Managed Identities.
- `globalNotScopes` defines scopes not subject to the Policy Assignments.
- `GlobalNotScopes` defines scopes not subject to the Policy Assignments.

### JSON Schema

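Review bot: `pacOwnerId`, `pacEnvironments` and `globalNotScopes` are JSON keys in `global-settings.jsonc`, not PowerShell parameters, and JSON keys are case-sensitive, so documenting them as `PacOwnerId`, `PacEnvironments` and `GlobalNotScopes` is either wrong (the untouched `managedIdentityLocations` bullet suggests the file still uses camelCase keys) or a breaking change that must also be made in the JSON schema and recorded in Docs/breaking-changes.md. Please confirm which it is and keep the bullets matching the actual key names.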
4 changes: 2 additions & 2 deletions Docs/desired-state-strategy.md
Expand Up @@ -60,7 +60,7 @@ While transitioning to EPAC, existing Policy resources may need to be kept. Sett

In rare cases you may need to exclude individual child scopes, or Policy resources from management by an EPAC solution.

By default, Policy Assignments at resource groups are not managed by EPAC. Prior to v6.0, managing resource groups was to expensive. If you used the `-includeResourceGroup` switch in prior versions, set `includeResourceGroups` to `true` to achieve the same effect.
By default, Policy Assignments at resource groups are not managed by EPAC. Prior to v6.0, managing resource groups was to expensive. If you used the `-IncludeResourceGroup` switch in prior versions, set `includeResourceGroups` to `true` to achieve the same effect.

![image.png](Images/shared-excluded.png)

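Review bot: "to expensive" on the changed line should read "too expensive". The sentence also describes the switch as it existed "in prior versions", so changing that historical reference to `-IncludeResourceGroup` is unnecessary, and the `includeResourceGroups` setting in the same sentence stays camelCase because it is a JSON key, which makes the rename look like an accidental search-and-replace.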
Expand Down Expand Up @@ -89,7 +89,7 @@ You can exclude any combination of scopes, Policies, Policy Sets and Policy Assi

## Use case 6: Include Resource Groups

By default, Policy Assignments at resource groups are not managed by EPAC. Prior to v6.0, managing resource groups was to expensive. **Breaking change:** If you used the `-includeResourceGroup` switch in prior versions, set `includeResourceGroups` to `true` to achieve the same effect.
By default, Policy Assignments at resource groups are not managed by EPAC. Prior to v6.0, managing resource groups was to expensive. **Breaking change:** If you used the `-IncludeResourceGroup` switch in prior versions, set `includeResourceGroups` to `true` to achieve the same effect.

```json
"desiredState": {
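Review bot: same two points as the earlier hunk in this file: "to expensive" should read "too expensive", and the historical `-includeResourceGroup` switch name does not need a case change. The paragraph is duplicated verbatim between the two sections; consider keeping it only under "Use case 6" and cross-referencing it from the earlier section.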
32 changes: 16 additions & 16 deletions Docs/extract-existing-policy-resources.md
Expand Up @@ -12,15 +12,15 @@ The script works for two principal use cases indicated by three modes:

## Use case 1: Interactive or non-interactive single tenant

`-mode 'export'` is used to collect the Policy resources and generate the definitions file. This works for `-interactive $true` (the default) to extract Policy resources in single tenant or multi-tenant scenario, prompting the user to logon to each new tenant in turn.
`-Mode 'export'` is used to collect the Policy resources and generate the definitions file. This works for `-Interactive $true` (the default) to extract Policy resources in single tenant or multi-tenant scenario, prompting the user to logon to each new tenant in turn.

It also works for a single tenant scenario for an automated collection, assuming that the Service Principal has read permissions for every EPAC Environment in `global-settings.jsonc`.

```ps1
Export-AzPolicyResources
```

The parameter `-inputPacSelector` can be used to only extract Policy resources for one of the EPAC environments.
The parameter `-InputPacSelector` can be used to only extract Policy resources for one of the EPAC environments.

!!! warning
The script deletes the `$outputFolders/Definitions` folder before creating a new set of files. In interactive mode it will ask for confirmation before deleting the directory.
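Review bot: the warning still refers to `$outputFolders/Definitions` (plural) although the parameter is `OutputFolder`; correct the name so readers can map the warning to the parameter table. In the changed sentence, "logon" as a verb should be "log on", and since `-Interactive $true` is the default, "with the default `-Interactive $true`" reads more clearly than "for `-Interactive $true` (the default)".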
Expand All @@ -35,19 +35,19 @@ Collect the raw information for very EPAC environment after logging into each EP

```ps1
Connect-AzAccount -Environment $cloud -Tenant $tenantIdForDev
Export-AzPolicyResources -interactive $false -mode collectRawFile -inputPacSelector 'epac-dev'
Export-AzPolicyResources -Interactive $false -Mode collectRawFile -InputPacSelector 'epac-dev'
Connect-AzAccount -Environment $cloud -Tenant $tenantId1
Export-AzPolicyResources -interactive $false -mode collectRawFile -inputPacSelector 'tenant1'
Export-AzPolicyResources -Interactive $false -Mode collectRawFile -InputPacSelector 'tenant1'
Connect-AzAccount -Environment $cloud -Tenant $tenantId2
Export-AzPolicyResources -interactive $false -mode collectRawFile -inputPacSelector 'tenant2'
Export-AzPolicyResources -Interactive $false -Mode collectRawFile -InputPacSelector 'tenant2'
```

Next, the collected raw files are used to generate the same output:

```ps1
Export-AzPolicyResources -interactive $false -mode exportFromRawFiles
Export-AzPolicyResources -Interactive $false -Mode exportFromRawFiles
```

!!! warning
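Review bot: the `-Mode` values `collectRawFile` and `exportFromRawFiles` and the `-InputPacSelector` values stay camelCase while the parameter names move to PascalCase. That is correct, because these are argument values rather than parameter names, but one sentence stating that the value strings are unchanged would prevent readers from "upgrading" them along with the parameters.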
Expand All @@ -58,18 +58,18 @@ Export-AzPolicyResources -interactive $false -mode exportFromRawFiles
The extractions are subject to the following assumptions and caveats:

* Assumes Policies and Policy Sets with the same name define the same properties independent of scope and EPAC environment.
* Ignores Assignments auto-assigned by Defender for Cloud. This behavior can be overridden with the switch parameter `-includeAutoAssigned`.
* Ignores Assignments auto-assigned by Defender for Cloud. This behavior can be overridden with the switch parameter `-IncludeAutoAssigned`.

## Script parameters

|Parameter | Explanation |
|----------|-------------|
| `definitionsRootFolder` | Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER` or `./Definitions`. It contains `global-settings.jsonc`.
| `outputFolder` | Output Folder. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER` or `./Outputs`.
| `interactive` | Script is being run interactively and can request az login. It will also prompt for each file to process or skip. Defaults to $true. |
| `includeChildScopes` | Switch parameter to include Policies and Policy Sets in child scopes; child scopes are normally ignored for definitions. This does not impact Policy Assignments. |
| `includeAutoAssigned` | Switch parameter to include Assignments auto-assigned by Defender for Cloud. |
| `exemptionFiles` | Create Exemption files (none=suppress, csv=as a csv file, json=as a json or jsonc file). Defaults to 'csv'. |
| `fileExtension` | Controls the output files extension. Default is `jsonc` but `json` is also accepted |
| `mode` | a) `export` exports EPAC environments, must be used with -interactive in a multi-tenant scenario<br/> b) `collectRawFile` exports the raw data only; used with `inputPacSelector` when running non-interactive in a multi-tenant scenario to collect the raw data once per tenant <br/> c) `exportFromRawFiles` reads the files generated with one or more runs of b) and outputs the files like the normal 'export' without re-reading the environment. |
| `inputPacSelector` | Limits the collection to one EPAC environment, useful for non-interactive use in a multi-tenant scenario, especially with -mode 'collectRawFile'. Default is `'*'` which will execute all EPAC environments. This can be used in other scenarios.|
| `DefinitionsRootFolder` | Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER` or `./Definitions`. It contains `global-settings.jsonc`.
| `OutputFolder` | Output Folder. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER` or `./Outputs`.
| `Interactive` | Script is being run interactively and can request az login. It will also prompt for each file to process or skip. Defaults to $true. |
| `IncludeChildScopes` | Switch parameter to include Policies and Policy Sets in child scopes; child scopes are normally ignored for definitions. This does not impact Policy Assignments. |
| `IncludeAutoAssigned` | Switch parameter to include Assignments auto-assigned by Defender for Cloud. |
| `ExemptionFiles` | Create Exemption files (none=suppress, csv=as a csv file, json=as a json or jsonc file). Defaults to 'csv'. |
| `FileExtension` | Controls the output files extension. Default is `jsonc` but `json` is also accepted |
| `Mode` | a) `export` exports EPAC environments, must be used with -Interactive in a multi-tenant scenario<br/> b) `collectRawFile` exports the raw data only; used with `InputPacSelector` when running non-Interactive in a multi-tenant scenario to collect the raw data once per tenant <br/> c) `exportFromRawFiles` reads the files generated with one or more runs of b) and outputs the files like the normal 'export' without re-reading the environment. |
| `InputPacSelector` | Limits the collection to one EPAC environment, useful for non-Interactive use in a multi-tenant scenario, especially with -Mode 'collectRawFile'. Default is `'*'` which will execute all EPAC environments. This can be used in other scenarios.|
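Review bot: a case-insensitive search-and-replace has changed prose as well as parameter names: "non-Interactive" in the `Mode` and `InputPacSelector` rows should stay "non-interactive". The `DefinitionsRootFolder` and `OutputFolder` rows are also missing the closing `|`, and `OutputFolder` is documented as defaulting to `./Outputs` here but `./Output` in Docs/ci-cd-pipeline.md in this same PR; one of the two is wrong.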