Patch policy library for Azure China

.github/scripts/Invoke-PolicyToBicep-China.ps1

@@ -111,13 +111,13 @@ $policyDefCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/po
 $policyDefCountString = $policyDefCount.Count
 Write-Information "====> Policy Set/Initiative Definitions Total: $policyDefCountString" -InformationAction Continue
 
-# Policy Asssignments - no separate policy assignments for Azure China, reusing the same assignments as Azure global regions
+# Policy Asssignments - separate policy assignments for Azure China due to different policy definitions - missing built-in policies, and features
 
-Write-Information "====> Creating/Emptying '_policyAssignmentsBicepInput.txt'" -InformationAction Continue
-Set-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/_policyAssignmentsBicepInput.txt" -Value $null -Encoding "utf8"
+Write-Information "====> Creating/Emptying '_mc_policyAssignmentsBicepInput.txt'" -InformationAction Continue
+Set-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt" -Value $null -Encoding "utf8"
 
 Write-Information "====> Looping Through Policy Assignments:" -InformationAction Continue
-Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments" -Filter "*.json" | ForEach-Object {
+Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments" -Filter "*.json" | ForEach-Object {
     $policyAssignment = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
 
     $policyAssignmentName = $policyAssignment.name
@@ -127,10 +127,10 @@ Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/l
     # Remove hyphens from Policy Assignment Name
     $policyAssignmentNameNoHyphens = $policyAssignmentName.replace("-","")
 
-    Write-Information "==> Adding '$policyAssignmentName' to '$PWD/_policyAssignmentsBicepInput.txt'" -InformationAction Continue
-    Add-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/_policyAssignmentsBicepInput.txt" -Encoding "utf8" -Value "var varPolicyAssignment$policyAssignmentNameNoHyphens = {`r`n`tdefinitionId: '$policyAssignmentDefinitionID'`r`n`tlibDefinition: json(loadTextContent('../../policy/assignments/lib/policy_assignments/$fileName'))`r`n}`r`n"
+    Write-Information "==> Adding '$policyAssignmentName' to '$PWD/_mc_policyAssignmentsBicepInput.txt'" -InformationAction Continue
+    Add-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt" -Encoding "utf8" -Value "var varPolicyAssignment$policyAssignmentNameNoHyphens = {`r`n`tdefinitionID: '$policyAssignmentDefinitionID'`r`n`tlibDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/$fileName'))`r`n}`r`n"
 }
 
-$policyAssignmentCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments" -Filter "*.json" | Measure-Object
+$policyAssignmentCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments" -Filter "*.json" | Measure-Object
 $policyAssignmentCountString = $policyAssignmentCount.Count
-Write-Information "====> Policy Assignments Total: $policyAssignmentCountString" -InformationAction Continue
+Write-Information "====> Policy Assignments Total: $policyAssignmentCountString" -InformationAction Continue

.github/workflows/update-policy-china.yml

@@ -88,7 +88,7 @@ jobs:
         run: |
           echo "Pushing changes to origin..."
           git add infra-as-code/bicep/modules/policy/definitions/lib/china
-          git add infra-as-code/bicep/modules/policy/assignments/lib
+          git add infra-as-code/bicep/modules/policy/assignments/lib/china
           git commit -m '${{ env.pr_title }}'
           git push origin ${{ env.branch_name }}
         working-directory: ${{ github.repository }}

infra-as-code/bicep/modules/policy/assignments/alzDefaults/README.md

@@ -29,7 +29,7 @@ The module does not generate any outputs.
 
 > For the examples below we assume you have downloaded or cloned the Git repo as-is and are in the root of the repository as your selected directory in your terminal of choice.
 <!-- markdownlint-disable -->
-> **Important:** If you decide to not use a DDoS Standard plan in your environment and therefore leave the parameter `parDdosProtectionPlanId` as an empty string (`''`) then the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. 
+> **Important:** If you decide to not use a DDoS Standard plan in your environment and therefore leave the parameter `parDdosProtectionPlanId` as an empty string (`''`) then the policy Enable-DDoS-VNET will not be assigned at connectivity or landing zone Management Groups to avoid VNET deployment issues. For deployment in Azure China, leave the parameter `parDdosProtectionPlanId` as an empty string (`''`) because the DDoS Protection feature is not available in Azure China.
 > 
 > However, if you later do decide to deploy an DDoS Standard Plan, you will need to remember to come back and update the parameter `parDdosProtectionPlanId` with the resource ID of the DDoS Standard Plan to ensure the policy is applied to the relevant Management Groups. You can then use a policy [remediation task](https://docs.microsoft.com/azure/governance/policy/how-to/remediate-resources) to bring all non-compliant VNETs back into compliance, once a [compliance scan](https://docs.microsoft.com/azure/governance/policy/how-to/get-compliance-data#evaluation-triggers) has taken place.
 <!-- markdownlint-restore -->
@@ -47,7 +47,7 @@ OR
 ```bash
 # For Azure China regions
 az deployment mg create \
-  --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep \
+  --template-file infra-as-code/bicep/modules/policy/assignments/alzDefaults/mc-alzDefaultPolicyAssignments.bicep \
   --parameters @infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json \
   --location chinaeast2 \
   --management-group-id alz
@@ -67,7 +67,7 @@ OR
 ```powershell
 # For Azure China regions
 New-AzManagementGroupDeployment `
-  -TemplateFile infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep `
+  -TemplateFile infra-as-code/bicep/modules/policy/assignments/alzDefaults/mc-alzDefaultPolicyAssignments.bicep `
   -TemplateParameterFile infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json `
   -Location chinaeast2 `
   -ManagementGroupId alz