Swap individual policy assignments to alzDefaultPolicyAssignments module in E2E tests

.github/scripts/Set-AlzDefaultPolicyAssignment.ps1

@@ -0,0 +1,32 @@
+
+param (
+    #Added this back into parameters as error occurs if multiple tenants are found when using Get-AzTenant
+    [Parameter(Mandatory = $true)] [string] $ManagementGroupId,
+    [Parameter(Mandatory = $true)] [string] $parLocation,
+    [Parameter(Mandatory = $true)] [string] $templateFile,
+    [Parameter(Mandatory = $true)] [string] $parameterFile,
+    [Parameter(Mandatory = $true)] [string] $parTopLevelManagementGroupPrefix,
+    [Parameter(Mandatory = $true)] [string] $parLogAnalyticsWorkSpaceAndAutomationAccountLocation,
+    [Parameter(Mandatory = $true)] [string] $parLogAnalyticsWorkspaceResourceID,
+    [Parameter(Mandatory = $true)] [string] $parDdosProtectionPlanId
+)
+$state = 'fail'
+$i = 0
+$err.clear
+while ($i -lt 4 -and $state -eq 'fail') {
+    $ErrorActionPreference = "Stop"
+    Try {
+        New-AzManagementGroupDeployment -Managementgroupid $ManagementGroupId -Location $parLocation -TemplateFile $templateFile -TemplateParameterFile $parameterFile -parTopLevelManagementGroupPrefix $parTopLevelManagementGroupPrefix -parLogAnalyticsWorkSpaceAndAutomationAccountLocation $parLogAnalyticsWorkSpaceAndAutomationAccountLocation -parLogAnalyticsWorkspaceResourceID $parLogAnalyticsWorkspaceResourceID -parDdosProtectionPlanId $parDdosProtectionPlanId
+        $state = 'success'
+    }
+    Catch {
+        $i++
+        Write-Output "Default policy assignment failed with $error"
+        Write-Output "Iteration number $i"
+        Write-Output "Will retry in 30 seconds"
+        Start-Sleep -Seconds 30
+    }
+}
+If ($state -eq 'fail') {
+    Throw "Default policy assignment failed"
+}

tests/pipelines/bicep-build-to-validate.yml

@@ -28,7 +28,7 @@ jobs:
           git_diff1=$(git diff --name-only HEAD^ HEAD infra-as-code/bicep/modules/managementGroups/managementGroups.bicep)
           git_diff2=$(git diff --name-only HEAD^ HEAD infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep)
           git_diff3=$(git diff --name-only HEAD^ HEAD infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep)
-          git_diff4=$(git diff --name-only HEAD^ HEAD infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep)
+          git_diff4=$(git diff --name-only HEAD^ HEAD infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep)
           git_diff5=$(git diff --name-only HEAD^ HEAD infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep)
           git_diff6=$(git diff --name-only HEAD^ HEAD infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep)
           if [[ $git_diff1 != '' ]] || [[ $git_diff2 != '' ]] || [[ $git_diff3 != '' ]] || [[ $git_diff4 != '' ]] || [[ $git_diff5 != '' ]] || [[ $git_diff6 != '' ]]
@@ -151,15 +151,6 @@ jobs:
       script: |
         az deployment group create --resource-group $(ResourceGroupName) --template-file infra-as-code/bicep/modules/logging/logging.bicep --parameters @infra-as-code/bicep/modules/logging/logging.parameters.example.json
 
-  - task: Bash@3    
-    displayName: Az CLI Policy Assignment DINE for PR
-    name: create_policy_assignment_dine
-    condition: and(ne(variables['gitManagementOUTPUT'], ''), ne(variables['subscriptionId'], ''))
-    inputs:
-      targetType: 'inline'
-      script: |
-        az deployment mg create --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.parameters.example.json parTopLevelManagementGroupPrefix=$(ManagementGroupPrefix) parLogAnalyticsWorkSpaceAndAutomationAccountLocation=$(Location) parLogAnalyticsWorkspaceResourceID="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" parDdosProtectionPlanId="/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan" --location $(Location) --management-group-id "$(ManagementGroupPrefix)-platform"
-
   - task: Bash@3    
     displayName: Az CLI Subscription Placement for PR
     name: move_sub
@@ -169,6 +160,18 @@ jobs:
       script: |
         az deployment mg create --template-file infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep --parameters @infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.parameters.example.json parTargetManagementGroupId=$(ManagementGroupPrefix)-platform-connectivity parSubscriptionIds='[$(subscriptionId)]' --location $(Location) --management-group-id $(ManagementGroupPrefix)
 
+  - task: AzurePowerShell@5
+    displayName: Az CLI Policy Assignment DINE for PR
+    name: alz_default_policy_assignments
+    condition: and(ne(variables['gitManagementOUTPUT'], ''), ne(variables['subscriptionId'], ''))
+    inputs:
+      azureSubscription: 'azserviceconnection'
+      ScriptType: 'FilePath'
+      ScriptPath: '.github/scripts/Set-AlzDefaultPolicyAssignment.ps1'
+      ScriptArguments: '-ManagementGroupId "$(ManagementGroupPrefix)-platform" -parLocation $(Location) -templateFile ./infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep -parameterFile .\infra-as-code\bicep\modules\policy\assignments\alzDefaults\alzDefaultPolicyAssignments.parameters.example.json -parTopLevelManagementGroupPrefix $(ManagementGroupPrefix) -parLogAnalyticsWorkSpaceAndAutomationAccountLocation $(Location) -parLogAnalyticsWorkspaceResourceID "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.OperationalInsights/workspaces/alz-log-analytics" -parDdosProtectionPlanId "/subscriptions/$(subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.Network/ddosProtectionPlans/alz-Ddos-Plan"'
+      azurePowerShellVersion: 'LatestVersion'
+      pwsh: true
+
   - task: Bash@3    
     displayName: Az CLI Deploy Hub Networking for PR
     name: create_hub_network