feat: allow single parameter dns zone policy (#1821)

Co-authored-by: Jack Tracey <[email protected]>
Azure · Nov 5, 2024 · 257a2a1 · 257a2a1
1 parent 740dcf3
commit 257a2a1
Show file tree

Hide file tree

Showing 5 changed files with 298 additions and 87 deletions.
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
@@ -72,6 +72,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
   - Bot Service (new) -> AI Bot Services
 - Updated the initiative [Deploy-MDFC-Config_20240319](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html) to include an additional parameter that allows you to specify if the Defender for Cloud export to Log Analytics should create a new resource group. This is useful when you want to specify the resource group name or requires tags on resource groups. Will be used by other RIs - Terraform and Bicep (portal accelerator will use default values).
 - Updated Automation Account to disable local authentication by default.
+- Updated the initiative [Deploy-Private-DNS-Zones](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Private-DNS-Zones.html) to reduce the number of parameters required while retaining backward compatibility. The initiative now only requires the subscription ID, resource group name, and location for the private DNS zone. The DNS zone resource id is now generated based on those inputs. This simplifies usage in the upstream Terraform and Bicep modules.
 
 #### Known Issue
 

diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json
@@ -170,9 +170,9 @@
             "azureIotCentralPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azureiotcentral.com')]",
             "azureStorageTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.windows.net')]",
             "azureStorageTableSecondaryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.windows.net')]",
-            "azureSiteRecoveryBackupPrivateDnsZoneID": "[concat(variables('baseId'), replace('privatelink.regionGeoShortCode.backup.windowsazure.com','regionGeoShortCode',variables('azBackupGeoCodes')[toLower(parameters('location'))]))]",
-            "azureSiteRecoveryBlobPrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.blob.core.windows.net')]",
-            "azureSiteRecoveryQueuePrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.queue.core.windows.net')]"
+            "azureSiteRecoveryBackupPrivateDnsZoneId": "[concat(variables('baseId'), replace('privatelink.regionGeoShortCode.backup.windowsazure.com','regionGeoShortCode',variables('azBackupGeoCodes')[toLower(parameters('location'))]))]",
+            "azureSiteRecoveryBlobPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.windows.net')]",
+            "azureSiteRecoveryQueuePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.windows.net')]"
         },
         "policyDefinitions": {
             "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones')]"
@@ -404,14 +404,14 @@
                     "azureStorageTableSecondaryPrivateDnsZoneId": {
                         "value": "[variables('policyParameterMapping').azureStorageTableSecondaryPrivateDnsZoneId]"
                     },
-                    "azureSiteRecoveryBackupPrivateDnsZoneID": {
-                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBackupPrivateDnsZoneID]"
+                    "azureSiteRecoveryBackupPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBackupPrivateDnsZoneId]"
                     },
-                    "azureSiteRecoveryBlobPrivateDnsZoneID": {
-                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBlobPrivateDnsZoneID]"
+                    "azureSiteRecoveryBlobPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBlobPrivateDnsZoneId]"
                     },
-                    "azureSiteRecoveryQueuePrivateDnsZoneID": {
-                        "value": "[variables('policyParameterMapping').azureSiteRecoveryQueuePrivateDnsZoneID]"
+                    "azureSiteRecoveryQueuePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryQueuePrivateDnsZoneId]"
                     }
                 }
             }