Multiple bug fixes (#576)

Docs/ci-cd-github-actions.md

@@ -19,7 +19,7 @@ You will need one [GitHub deployment environment](https://docs.github.com/en/act
 | TENANT-DEPLOY-POLICY | Deploy Policy resources for `tenant` | ci-cd-root-policy-contributor |
 | TENANT-DEPLOY-ROLES | Deploy Roles for `tenant` | ci-cd-root-user-assignments |
 
-For each environment, [add to the environment secrets](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets) for the tenant id, client id and client secret for the SPN. The secrets must be named `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` respectively.
+For each environment, [add to the environment secrets](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets) for the tenant id, client id and client secret for the SPN. The secrets must be named `TENANT_ID`, `CLIENT_ID` and `CLIENT_SECRET` respectively.
 
 ### Hardening each Environment
 

Docs/ci-cd-overview.md

@@ -163,7 +163,7 @@ For saving the output related to ```Build-DeploymentPlans``` there is global var
 | `OutputFolder` | Output folder path for plan files. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER` or `./Output`. |
 | `DevOpsType` | If set, outputs variables consumable by conditions in a DevOps pipeline. Default: not set. |
 | `BuildExemptionsOnly` | If set, only builds the Exemptions plan. This useful to fast-track Exemption when utilizing [Release Flow](#advanced-cicd-with-release-flow) Default: not set. |
-| `VirtualCores` | Number of (virtual) cores available to calculate the deployment plan. Defaults to 4. |
+| `VirtualCores` | **Deprecated - DO NOT USE** -- Number of (virtual) cores available to calculate the deployment plan. Defaults to 4. |
 
 
 ### Deploy-PolicyPlan.ps1
@@ -173,7 +173,7 @@ Deploys Policies, Policy Sets, Policy Assignments, and Policy Exemptions at thei
 |Parameter | Explanation |
 |----------|-------------|
 | `InputFolder` | Input folder path for plan files. Defaults to environment variable `$env:PAC_INPUT_FOLDER`, `$env:PAC_OUTPUT_FOLDER` or `./Output`. |
-| `VirtualCores` | Number of (virtual) cores available to deploy Policy objects in parallel. Defaults to 4. |
+| `VirtualCores` | **Deprecated - DO NOT USE** -- Number of (virtual) cores available to deploy Policy objects in parallel. Defaults to 4. |
 
 ### Deploy-RolesPlan.ps1
 

Docs/operational-scripts-reference.md

@@ -5,7 +5,7 @@
 Builds documentation from instructions in policyDocumentations folder reading the delployed Policy Resources from the EPAC envioronment.
 
 ```ps1
-Build-PolicyDocumentation [[-DefinitionsRootFolder] <String>] [[-OutputFolder] <String>] [-WindowsNewLineCells] [[-Interactive] <Boolean>] [-SuppressConfirmation] [-IncludeManualPolicies] [[-VirtualCores] <Int16>] [<CommonParameters>]
+Build-PolicyDocumentation [[-DefinitionsRootFolder] <String>] [[-OutputFolder] <String>] [-WindowsNewLineCells] [-Interactive <Boolean>] [-SuppressConfirmation] [-IncludeManualPolicies] [<CommonParameters>]
 ```
 
 ### Parameters
@@ -35,7 +35,7 @@ Suppresses prompt for confirmation to delete existing file in interactive mode
 
 Include Policies with effect Manual. Default: do not include Polcies with effect Manual.
 
-#### `-VirtualCores <Int16>`
+#### **Deprecated - DO NOT USE** -- `-VirtualCores <Int16>`
 
 Number of virtual cores to use for the operation. Default is 4.
 

Docs/start-changes.md

@@ -130,24 +130,3 @@ Updating JSON schema to the latest [specification 2020-12](https://json-schema.o
 ### Documentation Updates
 
 Reorganized the documentation to make it easier to find information. Added a new section on how to use the starter kit and how to use the Microsoft release flow.
-
-### Code Cleanup
-
-Ongoing cleanup of code: Removed unused code and improved code quality.
-
-### Performance
-
-Multiple lengthy sections of the code have been converted to parallel execution to improve performance. The change maybe ineffective if you limit the CI/CD agent to a single vCore or use the Azure DevOps provided CI/CD agents.
-
-The scripts `Build-DeploymentPlan`, `Deploy-PolicyPlan`, and `Build-PolicyDocumentation` have a new parameter `VirtualCores` to control the number of parallel threads and allowing you to optimize your performance. The code applies the following formula to adjust the `For-Each -Parallel` throttle limits (threads) based on the number of VirtualCores.
-
-- Threads = 1 x VirtualCores for pre-processing (pure compute) Policy and Policy Set parameters during Policy Assignment plan calculations
-- Threads = 2 x VirtualCores for Policy object deployment since it executes many REST calls to the Azure resource manager and therefore spends much of its time waiting on I/O. 
-- Threads = 4 (fixed) for reading and processing Policy resources; one each for
-  - Policy definitions
-  - Policy Set definitions
-  - Policy Assignments, Role Assignments, and Role Definitions
-  - Policy Exemptions
-
-Setting VirtualCores to zero (0) disables parallel processing. The default value is 4. EPAC also uses a minimum chunk size for deployments to avoid unnecessary overhead for small number of items.
-

Scripts/Deploy/Build-DeploymentPlans.ps1

@@ -19,9 +19,6 @@
 .PARAMETER DevOpsType
     If set, outputs variables consumable by conditions in a DevOps pipeline. Valid values are '', 'ado' and 'gitlab'.
 
-.PARAMETER VirtualCores
-    Number of virtual cores available to calculate the deployment plan. Defaults to 4.
-
 .EXAMPLE
     .\Build-DeploymentPlans.ps1 -PacEnvironmentSelector "dev"
 
@@ -58,15 +55,19 @@ param (
     [ValidateSet("ado", "gitlab", "")]
     [string] $DevOpsType = "",
 
-    [Parameter(HelpMessage = "Number of virtual cores available to calculate the deployment plan. Defaults to 4. A value of 0 disables parallel processing.")]
-    [Int16] $VirtualCores = 4
-
+    [Parameter(HelpMessage = "Deprecated.")]
+    [Int16] $VirtualCores = 0
 )
 
 $PSDefaultParameterValues = @{
     "Write-Information:InformationVariable" = "+global:epacInfoStream"
 }
 
+if ($VirtualCores -gt 0) {
+    Write-Warning "VirtualCores parameter is deprecated. parallel processing is no longer supported. Please remove the parameter!" -WarningAction Continue
+    $VirtualCores = 0
+}
+
 Clear-Variable -Name epacInfoStream -Scope global -Force -ErrorAction SilentlyContinue
 
 # Dot Source Helper Scripts
@@ -240,14 +241,11 @@ if ($buildSelections.buildAny) {
     $scopeTable = Build-ScopeTableForDeploymentRootScope -PacEnvironment $pacEnvironment
     $skipExemptions = -not $buildSelections.buildPolicyExemptions
     $skipRoleAssignments = -not $buildSelections.buildPolicyAssignments
-    $NoParallelProcessing = $VirtualCores -eq 0
-    # $NoParallelProcessing = $true # for debugging, disable parallel processing
     $deployedPolicyResources = Get-AzPolicyResources `
         -PacEnvironment $pacEnvironment `
         -ScopeTable $scopeTable `
         -SkipExemptions:$skipExemptions `
-        -SkipRoleAssignments:$skipRoleAssignments `
-        -NoParallelProcessing:$NoParallelProcessing
+        -SkipRoleAssignments:$skipRoleAssignments
 
     # Calculate roleDefinitionIds for built-in and inherited Policies
     $readOnlyPolicyDefinitions = $deployedPolicyResources.policydefinitions.readOnly
@@ -318,7 +316,7 @@ if ($buildSelections.buildAny) {
     $combinedPolicyDetails = Convert-PolicyResourcesToDetails `
         -AllPolicyDefinitions $allDefinitions.policydefinitions `
         -AllPolicySetDefinitions $allDefinitions.policysetdefinitions `
-        -VirtualCores $VirtualCores
+        -VirtualCores 4
 
     # Populate allAssignments
     $deployedPolicyAssignments = $deployedPolicyResources.policyassignments.managed