feat: flatten permissions (#525)

## Pull Request

Improve cleanup and flatten permissions

Author: jaredfholgate

src/ALZ/ALZ.psd1

@@ -41,6 +41,8 @@ Included Cmdlets:
 - Grant-SubscriptionCreatorRole: Grants the Subscription Creator role to a specified user or service principal.
 - Remove-PlatformLandingZone: Removes the deployed Azure Landing Zone from your Azure subscription
 - New-AcceleratorFolderStructure: Creates a new folder structure for the Azure Landing Zone accelerator with necessary configuration files.
+- Remove-GitHubAccelerator: Removes GitHub resources (repositories, teams, runner groups) created by the ALZ accelerator bootstrap.
+- Remove-AzureDevOpsAccelerator: Removes Azure DevOps resources (projects, agent pools) created by the ALZ accelerator bootstrap.
 '@
 
     CompatiblePSEditions = 'Core'
@@ -87,7 +89,9 @@ Included Cmdlets:
         'Deploy-Accelerator',
         'Grant-SubscriptionCreatorRole',
         'Remove-PlatformLandingZone',
-        'New-AcceleratorFolderStructure'
+        'New-AcceleratorFolderStructure',
+        'Remove-GitHubAccelerator',
+        'Remove-AzureDevOpsAccelerator'
     )
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.

src/ALZ/Private/Config-Helpers/Format-TokenizedConfigurationString.ps1

@@ -15,7 +15,7 @@ function Format-TokenizedConfigurationString {
         if ($null -ne $configuration.$value) {
             $returnValue += $configuration.$value.Value
         } elseif (($null -eq $configuration.$value) -and $isToken) {
-            Write-InformationColored "Specified replacement token '${value}' not found in configuration." -ForegroundColor Yellow -InformationAction Continue
+            Write-ToConsoleLog "Specified replacement token '${value}' not found in configuration." -IsWarning
             $returnValue += "{%$value%}"
         } else {
             $returnValue += $value

src/ALZ/Private/Config-Helpers/Remove-TerraformMetaFileSet.ps1

@@ -12,7 +12,9 @@ function Remove-TerraformMetaFileSet {
             ".terraform.lock.hcl",
             "examples",
             "yaml.tf",
-            ".alzlib"
+            ".alzlib",
+            "tfplan",
+            "tfplan.json"
         ),
         [Parameter(Mandatory = $false)]
         [switch]$writeVerboseLogs

src/ALZ/Private/Config-Helpers/Set-Config.ps1

@@ -150,7 +150,7 @@ function Set-Config {
                 continue
             }
 
-            Write-InformationColored "Input not supplied, and no default for $($configurationValue.Name)..." -ForegroundColor Red -InformationAction Continue
+            Write-ToConsoleLog "Input not supplied, and no default for $($configurationValue.Name)..." -IsError
             throw "Input not supplied, and no default for $($configurationValue.Name)..."
         }
 

src/ALZ/Private/Deploy-Accelerator-Helpers/AcceleratorInputSchema.json

@@ -30,29 +30,25 @@
           "properties": {
             "management": {
               "description": "The subscription ID for the Management subscription where logging, monitoring, and automation resources will be deployed",
-              "type": "string",
-              "format": "guid",
+              "type": "guid",
               "required": true,
               "source": "subscription"
             },
             "identity": {
               "description": "The subscription ID for the Identity subscription where identity resources like domain controllers will be deployed",
-              "type": "string",
-              "format": "guid",
+              "type": "guid",
               "required": true,
               "source": "subscription"
             },
             "connectivity": {
               "description": "The subscription ID for the Connectivity subscription where networking resources like hubs, firewalls, and DNS will be deployed",
-              "type": "string",
-              "format": "guid",
+              "type": "guid",
               "required": true,
               "source": "subscription"
             },
             "security": {
               "description": "The subscription ID for the Security subscription where security monitoring and governance resources will be deployed",
-              "type": "string",
-              "format": "guid",
+              "type": "guid",
               "required": true,
               "source": "subscription"
             }
@@ -61,8 +57,7 @@
         "bootstrap_subscription_id": {
           "description": "The subscription ID where bootstrap resources will be created. See Decision 8 in the planning phase.",
           "helpLink": "https://azure.github.io/Azure-Landing-Zones/accelerator/0_planning/#decision-8---choose-the-bootstrap-subscription",
-          "type": "string",
-          "format": "guid",
+          "type": "guid",
           "required": true,
           "source": "subscription"
         },
@@ -190,12 +185,6 @@
           "type": "boolean",
           "required": true
         },
-        "grant_permissions_to_current_user": {
-          "description": "Whether to grant permissions for the current Azure CLI user to be able to deploy the Platform Landing Zones. Set to false if you plan to configure a third-party Version Control System.",
-          "helpLink": "https://azure.github.io/Azure-Landing-Zones/accelerator/advancedscenarios/",
-          "type": "boolean",
-          "required": true
-        },
         "target_directory": {
           "description": "The target directory for generated files. Leave empty to use the standard output directory.",
           "helpLink": "https://azure.github.io/Azure-Landing-Zones/accelerator/advancedscenarios/",

src/ALZ/Private/Deploy-Accelerator-Helpers/Get-AzureContext.ps1

@@ -14,9 +14,9 @@ function Get-AzureContext {
     When set, clears the cached Azure context and fetches fresh data from Azure.
     .OUTPUTS
     Returns a hashtable with the following keys:
-    - ManagementGroups: Array of objects with id and displayName properties
-    - Subscriptions: Array of objects with id and name properties
-    - Regions: Array of objects with name, displayName, and hasAvailabilityZones properties
+    - ManagementGroups: Array of label/value objects for menu selection
+    - Subscriptions: Array of label/value objects for menu selection
+    - Regions: Array of label/value objects for menu selection (includes [AZ] indicator)
     #>
     [CmdletBinding()]
     param(
@@ -35,7 +35,7 @@ function Get-AzureContext {
     # Clear cache if requested
     if ($ClearCache.IsPresent -and (Test-Path $cacheFilePath)) {
         Remove-Item -Path $cacheFilePath -Force
-        Write-InformationColored "Azure context cache cleared." -ForegroundColor Yellow -InformationAction Continue
+        Write-ToConsoleLog "Azure context cache cleared." -IsSuccess
     }
 
     # Check if valid cache exists
@@ -45,8 +45,8 @@ function Get-AzureContext {
         if ($cacheAge.TotalHours -lt $cacheExpirationHours) {
             try {
                 $cachedContext = Get-Content -Path $cacheFilePath -Raw | ConvertFrom-Json -AsHashtable
-                Write-InformationColored "Using cached Azure context (cached $([math]::Round($cacheAge.TotalMinutes)) minutes ago). Use -clearCache to refresh." -ForegroundColor Gray -InformationAction Continue
-                Write-InformationColored "  Found $($cachedContext.ManagementGroups.Count) management groups, $($cachedContext.Subscriptions.Count) subscriptions, and $($cachedContext.Regions.Count) regions" -ForegroundColor Gray -InformationAction Continue
+                Write-ToConsoleLog "Using cached Azure context (cached $([math]::Round($cacheAge.TotalMinutes)) minutes ago). Use -clearCache to refresh."
+                Write-ToConsoleLog "Found $($cachedContext.ManagementGroups.Count) management groups, $($cachedContext.Subscriptions.Count) subscriptions, and $($cachedContext.Regions.Count) regions"
                 return $cachedContext
             } catch {
                 Write-Verbose "Failed to read cache file, will fetch fresh data."
@@ -60,7 +60,7 @@ function Get-AzureContext {
         Regions          = @()
     }
 
-    Write-InformationColored "Querying Azure for management groups, subscriptions, and regions..." -ForegroundColor Green -InformationAction Continue
+    Write-ToConsoleLog "Querying Azure for management groups, subscriptions, and regions..."
 
     try {
         # Get the current tenant ID
@@ -70,7 +70,15 @@ function Get-AzureContext {
         # Get management groups
         $mgResult = az account management-group list --query "[].{id:name, displayName:displayName}" -o json 2>$null
         if ($LASTEXITCODE -eq 0 -and $mgResult) {
-            $azureContext.ManagementGroups = $mgResult | ConvertFrom-Json
+            $mgRaw = $mgResult | ConvertFrom-Json
+            $azureContext.ManagementGroups = @($mgRaw | ForEach-Object {
+                    @{
+                        label = "$($_.displayName) ($($_.id))"
+                        value = $_.id
+                    }
+                })
+        } else {
+            Write-ToConsoleLog "No management groups found or access denied." -IsWarning
         }
 
         # Get subscriptions (filtered to current tenant only, sorted by name)
@@ -80,16 +88,33 @@ function Get-AzureContext {
             $subResult = az account list --query "sort_by([].{id:id, name:name}, &name)" -o json 2>$null
         }
         if ($LASTEXITCODE -eq 0 -and $subResult) {
-            $azureContext.Subscriptions = $subResult | ConvertFrom-Json
+            $subRaw = $subResult | ConvertFrom-Json
+            $azureContext.Subscriptions = @($subRaw | ForEach-Object {
+                    @{
+                        label = "$($_.name) ($($_.id))"
+                        value = $_.id
+                    }
+                })
+        } else {
+            Write-ToConsoleLog "No subscriptions found or access denied." -IsWarning
         }
 
         # Get regions (sorted by displayName, include availability zone support)
         $regionResult = az account list-locations --query "sort_by([?metadata.regionType=='Physical'].{name:name, displayName:displayName, hasAvailabilityZones:length(availabilityZoneMappings || ``[]``) > ``0``}, &displayName)" -o json 2>$null
         if ($LASTEXITCODE -eq 0 -and $regionResult) {
-            $azureContext.Regions = $regionResult | ConvertFrom-Json
+            $regionRaw = $regionResult | ConvertFrom-Json
+            $azureContext.Regions = @($regionRaw | ForEach-Object {
+                    $azIndicator = if ($_.hasAvailabilityZones) { " [AZ]" } else { "" }
+                    @{
+                        label = "$($_.displayName) ($($_.name))$azIndicator"
+                        value = $_.name
+                    }
+                })
+        } else {
+            Write-ToConsoleLog "No regions found or access denied." -IsWarning
         }
 
-        Write-InformationColored "  Found $($azureContext.ManagementGroups.Count) management groups, $($azureContext.Subscriptions.Count) subscriptions, and $($azureContext.Regions.Count) regions" -ForegroundColor Gray -InformationAction Continue
+        Write-ToConsoleLog "Found $($azureContext.ManagementGroups.Count) management groups, $($azureContext.Subscriptions.Count) subscriptions, and $($azureContext.Regions.Count) regions"
 
         # Save to cache
         try {
@@ -102,7 +127,7 @@ function Get-AzureContext {
             Write-Verbose "Failed to write cache file: $_"
         }
     } catch {
-        Write-InformationColored "  Warning: Could not query Azure resources. You will need to enter IDs manually." -ForegroundColor Yellow -InformationAction Continue
+        Write-ToConsoleLog "Could not query Azure resources. You will need to enter IDs manually." -IsWarning
     }
 
     return $azureContext

src/ALZ/Private/Deploy-Accelerator-Helpers/Get-BootstrapAndStarterConfig.ps1

@@ -34,7 +34,7 @@ function Get-BootstrapAndStarterConfig {
         # Get the bootstrap details and validate it exists (use alias for legacy values)
         $bootstrapDetails = $bootstrapModules.PsObject.Properties | Where-Object { $_.Name -eq $bootstrap -or $bootstrap -in $_.Value.aliases }
         if($null -eq $bootstrapDetails) {
-            Write-InformationColored "The bootstrap type '$bootstrap' that you have selected does not exist. Please try again with a valid bootstrap type..." -ForegroundColor Red -InformationAction Continue
+            Write-ToConsoleLog "The bootstrap type '$bootstrap' that you have selected does not exist. Please try again with a valid bootstrap type..." -IsError
             throw
         }
 
@@ -48,7 +48,7 @@ function Get-BootstrapAndStarterConfig {
             $starterModuleType = $bootstrapStarterModule.Value
             $starterModuleDetails = $starterModules.PSObject.Properties | Where-Object { $_.Name -eq $starterModuleType }
             if($null -eq $starterModuleDetails) {
-                Write-InformationColored "The starter modules '$($starterModuleType)' for the bootstrap type '$bootstrap' that you have selected does not exist. This could be an issue with your custom configuration, please check and try again..." -ForegroundColor Red -InformationAction Continue
+                Write-ToConsoleLog "The starter modules '$($starterModuleType)' for the bootstrap type '$bootstrap' that you have selected does not exist. This could be an issue with your custom configuration, please check and try again..." -IsError
                 throw
             }
 

src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1

@@ -61,7 +61,7 @@ function Invoke-Terraform {
         }
 
         if (!$silent) {
-            Write-InformationColored "Terraform init has completed, now running the $action..." -ForegroundColor Green -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Terraform init has completed, now running the $action..." -IsSuccess
         }
 
         $planFileName = "tfplan"
@@ -85,7 +85,7 @@ function Invoke-Terraform {
         }
 
         if (!$silent) {
-            Write-InformationColored "Running Plan Command for $action : $command $arguments" -ForegroundColor Green -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Running Plan Command for $action : $command $arguments" -IsSuccess
             & $command $arguments
         } else {
             & $command $arguments | Write-Verbose
@@ -96,23 +96,23 @@ function Invoke-Terraform {
         # Stop and display timer
         $StopWatch.Stop()
         if (!$silent) {
-            Write-InformationColored "Time taken to complete Terraform plan:" -ForegroundColor Green -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Time taken to complete Terraform plan:" -IsSuccess
         }
         $StopWatch.Elapsed | Format-Table
 
         if ($exitCode -ne 0) {
-            Write-InformationColored "Terraform plan for $action failed with exit code $exitCode. Please review the error and try again or raise an issue." -ForegroundColor Red -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Terraform plan for $action failed with exit code $exitCode. Please review the error and try again or raise an issue." -IsError
             throw "Terraform plan failed with exit code $exitCode. Please review the error and try again or raise an issue."
         }
 
         if (!$autoApprove) {
-            Write-InformationColored "Terraform plan has completed, please review the plan and confirm you wish to continue." -ForegroundColor Yellow -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Terraform plan has completed, please review the plan and confirm you wish to continue." -IsWarning
             $choices = [System.Management.Automation.Host.ChoiceDescription[]] @("&Yes", "&No")
             $message = "Please confirm you wish to apply the plan."
             $title = "Confirm Terraform plan"
             $resultIndex = $host.ui.PromptForChoice($title, $message, $choices, 0)
             if ($resultIndex -eq 1) {
-                Write-InformationColored "You have chosen not to apply the plan. Exiting..." -ForegroundColor Red -NewLineBefore -InformationAction Continue
+                Write-ToConsoleLog "You have chosen not to apply the plan. Exiting..." -IsError
                 return
             }
         }
@@ -130,7 +130,7 @@ function Invoke-Terraform {
         $arguments += "$planFileName"
 
         if (!$silent) {
-            Write-InformationColored "Running Apply Command for $action : $command $arguments" -ForegroundColor Green -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Running Apply Command for $action : $command $arguments"
             & $command $arguments
         } else {
             & $command $arguments | Write-Verbose
@@ -142,7 +142,7 @@ function Invoke-Terraform {
         $maxAttempts = 5
 
         while ($exitCode -ne 0 -and $currentAttempt -lt $maxAttempts) {
-            Write-InformationColored "Terraform $action failed with exit code $exitCode. This is likely a transient issue, so we are retrying..." -ForegroundColor Yellow -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Terraform $action failed with exit code $exitCode. This is likely a transient issue, so we are retrying..." -IsWarning
             $currentAttempt++
             $command = "terraform"
             $arguments = @()
@@ -157,7 +157,7 @@ function Invoke-Terraform {
                 $arguments += "-destroy"
             }
 
-            Write-InformationColored "Running Apply Command for $action : $command $arguments" -ForegroundColor Green -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Retry Attempt $($currentAttempt) of $($maxAttempts): Running Apply Command for $action : $command $arguments"
             & $command $arguments
             $exitCode = $LASTEXITCODE
         }
@@ -170,12 +170,12 @@ function Invoke-Terraform {
         # Stop and display timer
         $StopWatch.Stop()
         if (!$silent) {
-            Write-InformationColored "Time taken to complete Terraform apply:" -ForegroundColor Green -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Time taken to complete Terraform apply:"
         }
         $StopWatch.Elapsed | Format-Table
 
         if ($exitCode -ne 0) {
-            Write-InformationColored "Terraform $action failed with exit code $exitCode after $maxAttempts attempts. Please review the error and try again or raise an issue." -ForegroundColor Red -NewLineBefore -InformationAction Continue
+            Write-ToConsoleLog "Terraform $action failed with exit code $exitCode after $maxAttempts attempts. Please review the error and try again or raise an issue." -IsError
             throw "Terraform $action failed with exit code $exitCode after $maxAttempts attempts. Please review the error and try again or raise an issue."
         } else {
             if ($output -ne "") {