Update yaml comments

infra/settings/resourceOrganization/azureResources.yaml

@@ -1,32 +1,17 @@
-# yaml-language-server: $schema=./azureResources.shema.json
-#
-# Microsoft Dev Box accelerator: Resource Groups Configuration
-# =======================================================
-#
-# Purpose: Defines the resource group organization structure for environments.
-# This configuration aligns with Azure Landing Zone principles by segregating resources
-# based on their functional purpose (workload, security, monitoring, connectivity).
-#
+# azureResources.yaml
+# -------------------------------------------------------
+# Purpose: Defines resource group organization for Dev Box environments.
+# Follows Azure Landing Zone principles for segregation by function.
 # References:
 # - Microsoft Dev Box accelerator: https://evilazaro.github.io/DevExp-DevBox/docs/configureresources/resourceorganization/
 # - Azure Landing Zones: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/
 # - Azure Resource Groups: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
 
 # Workload Resource Group
-# -----------------------
-# Purpose: Contains the primary Dev Box workload resources including:
-# - Dev Center resources
-# - Dev Box definitions
-# - Dev Box pools
-# - Project resources
-#
-# Best practice: Separate application workloads from infrastructure components
-# to enable independent scaling, access control, and lifecycle management.
-workload:
+workload:  # Main application resources
   create: true
   name: devexp-workload
   description: prodExp
-
   tags:
     environment: dev           # Deployment environment (dev, test, prod)
     division: Platforms        # Business division responsible for the resource
@@ -38,51 +23,31 @@ workload:
     resources: ResourceGroup  # Resource type
 
 # Security Resource Group
-# ----------------------
-# Purpose: Contains security-related resources including:
-# - Key Vaults for secret management
-# - Microsoft Defender for Cloud configurations
-# - Network Security Groups
-# - Private endpoints
-#
-# Best practice: Isolate security resources to apply stricter access controls
-# and enable separate monitoring/auditing of security components.
-security:
+security:  # Security-related resources (Key Vaults, NSGs, Defender, etc.)
   create: true
   name: devexp-security
   description: prodExp
-
   tags:
-    environment: dev
-    division: Platforms
-    team: DevExP
-    project: Contoso-DevExp-DevBox
-    costCenter: IT
-    owner: Contoso
-    landingZone: Workload
-    resources: ResourceGroup
+    environment: dev           # Deployment environment
+    division: Platforms        # Business division
+    team: DevExP              # Team
+    project: Contoso-DevExp-DevBox  # Project name
+    costCenter: IT            # Cost center
+    owner: Contoso            # Owner
+    landingZone: Workload     # Landing zone
+    resources: ResourceGroup  # Resource type
 
 # Monitoring Resource Group
-# ------------------------
-# Purpose: Contains monitoring and observability resources including:
-# - Log Analytics workspaces
-# - Application Insights components
-# - Azure Monitor alerts and action groups
-# - Dashboard and reporting resources
-#
-# Best practice: Centralize monitoring resources to provide a unified view
-# of operational health and simplify diagnostic activities.
-monitoring:
+monitoring:  # Monitoring and observability resources
   create: true
   name: devexp-monitoring
   description: prodExp
-
   tags:
-    environment: dev
-    division: Platforms
-    team: DevExP
-    project: Contoso-DevExp-DevBox
-    costCenter: IT
-    owner: Contoso
-    landingZone: Workload
-    resources: ResourceGroup
+    environment: dev           # Deployment environment
+    division: Platforms        # Business division
+    team: DevExP              # Team
+    project: Contoso-DevExp-DevBox  # Project name
+    costCenter: IT            # Cost center
+    owner: Contoso            # Owner
+    landingZone: Workload     # Landing zone
+    resources: ResourceGroup  # Resource type

infra/settings/security/security.yaml

@@ -1,40 +1,39 @@
+
 # yaml-language-server: $schema=./security.schema.json
-#
+# -------------------------------------------------------
 # Azure Key Vault Configuration
-# ----------------------------
-# This file defines the configuration for an Azure Key Vault resource
-# used for storing sensitive credentials and secrets in the development environment.
-
-# Purpose: Centralized management of secrets, keys, and certificates\
-# for secure access by applications and services in the Contoso development environment.
-# References: 
+# -------------------------------------------------------
+# Purpose: Centralized management of secrets, keys, and certificates for secure access by applications and services in the Contoso development environment.
+# This file defines the configuration for an Azure Key Vault resource used for storing sensitive credentials and secrets in the development environment.
+#
+# References:
 # - Microsoft Dev Box accelerator: https://evilazaro.github.io/DevExp-DevBox/docs/configureresources/security/
 # - Azure Key Vault documentation: https://learn.microsoft.com/en-us/azure/key-vault/general/basic-concepts
 # - Azure Key Vault best practices: https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices
 
-# Whether to create the Key Vault resource
+# Top-level flag: Should the Key Vault resource be created?
 create: true
 
-# Key Vault configuration
+# Key Vault configuration block
 keyVault:
   # Basic settings
-  name: contoso                               # Name of the Key Vault (must be globally unique)
-  description: Development Environment Key Vault  # Purpose of this Key Vault
-  secretName: gha-token                       # Name of the GitHub Actions token secret
+  name: contoso                                 # Globally unique Key Vault name
+  description: Development Environment Key Vault # Purpose of this Key Vault
+  secretName: gha-token                         # Name of the GitHub Actions token secret
 
   # Security settings
-  enablePurgeProtection: true                 # Prevents permanent deletion of secrets even by authorized users
-  enableSoftDelete: true                      # Enables recovery of deleted secrets within retention period
-  softDeleteRetentionInDays: 7                # Number of days deleted secrets remain recoverable (7-90 days)
-  enableRbacAuthorization: true               # Uses Azure RBAC for access control instead of vault access policies
+  enablePurgeProtection: true                   # Prevent permanent deletion of secrets
+  enableSoftDelete: true                        # Allow recovery of deleted secrets within retention period
+  softDeleteRetentionInDays: 7                  # Retention period for deleted secrets (7-90 days)
+  enableRbacAuthorization: true                 # Use Azure RBAC for access control
 
-  # Resource organization
+  # Resource organization tags
   tags:
-    environment: dev                          # Deployment environment (dev/test/staging/prod)
-    division: Platforms                       # Organizational division responsible for this resource
-    team: DevExP                              # Team that owns this resource
-    project: Contoso-DevExp-DevBox            # Project associated with this resource
-    costCenter: IT                            # Cost center for billing and chargeback
-    owner: Contoso                            # Resource owner
-    landingZone: security                     # Azure landing zone classification
-    resources: ResourceGroup                  # Resource grouping identifier
+    environment: dev                            # Deployment environment (dev/test/staging/prod)
+    division: Platforms                         # Organizational division
+    team: DevExP                                # Owning team
+    project: Contoso-DevExp-DevBox              # Associated project
+    costCenter: IT                              # Cost center for billing
+    owner: Contoso                              # Resource owner
+    landingZone: security                       # Azure landing zone classification
+    resources: ResourceGroup                    # Resource grouping identifier

infra/settings/workload/devcenter.yaml

@@ -171,36 +171,37 @@ projects:
   - name: "eShop"
     description: "eShop project."
 
+    # Network configuration for eShop project
     network:
-      name: eShop
-      create: true
-      resourceGroupName: "eShop-connectivity-RG"
-      virtualNetworkType: Managed
+      name: eShop                                 # Name of the virtual network
+      create: true                                # Should the network be created?
+      resourceGroupName: "eShop-connectivity-RG"  # Resource group for network
+      virtualNetworkType: Managed                 # Type of virtual network
       addressPrefixes:
-        - 10.0.0.0/16
+        - 10.0.0.0/16                             # Address space for VNet
       subnets:
-        - name: identityProvider-subnet
+        - name: eShop-subnet           # Subnet name
           properties:
-            addressPrefix: 10.0.1.0/24
+            addressPrefix: 10.0.1.0/24            # Subnet address range
       tags:
-        environment: dev
-        division: Platforms
-        team: DevExP
-        project: DevExP-DevBox
-        costCenter: IT
-        owner: Contoso
-        resources: Network
+        environment: dev                          # Deployment environment
+        division: Platforms                       # Organizational division
+        team: DevExP                              # Team responsible
+        project: DevExP-DevBox                    # Project name
+        costCenter: IT                            # Cost center for billing
+        owner: Contoso                            # Resource owner
+        resources: Network                        # Resource type identifier
 
     # Project identity configuration - controls project-level security
     identity:
-      type: SystemAssigned
+      type: SystemAssigned                        # Managed identity type
       roleAssignments:
-        - azureADGroupId: "9d42a792-2d74-441d-8bcb-71009371725f"
-          azureADGroupName: "eShop Developers"
+        - azureADGroupId: "9d42a792-2d74-441d-8bcb-71009371725f" # Azure AD group ID
+          azureADGroupName: "eShop Developers"                    # Azure AD group name
           azureRBACRoles:
-            - name: "Contributor"
-              id: "b24988ac-6180-42a0-ab88-20f7382dd24c"
-              scope: Project
+            - name: "Contributor"                 # RBAC role name
+              id: "b24988ac-6180-42a0-ab88-20f7382dd24c" # RBAC role ID
+              scope: Project                      # Role scope
             - name: "Dev Box User"
               id: "45d50f46-0b78-4001-a660-4198cbe8cd05"
               scope: Project
@@ -217,21 +218,21 @@ projects:
     # Dev Box pools - collections of Dev Boxes with specific configurations
     # Best practice: Create role-specific pools with appropriate tools and settings
     pools:
-      - name: "backend-engineer"
-        imageDefinitionName: "eShop-backend-engineer"
-        vmSku: general_i_32c128gb512ssd_v2
-      - name: "frontend-engineer"
-        imageDefinitionName: "eShop-frontend-engineer"
-        vmSku: general_i_16c64gb256ssd_v2
+      - name: "backend-engineer"                  # Pool for backend engineers
+        imageDefinitionName: "eShop-backend-engineer" # Image definition for backend
+        vmSku: general_i_32c128gb512ssd_v2         # VM SKU for backend pool
+      - name: "frontend-engineer"                 # Pool for frontend engineers
+        imageDefinitionName: "eShop-frontend-engineer" # Image definition for frontend
+        vmSku: general_i_16c64gb256ssd_v2          # VM SKU for frontend pool
 
     # Project-specific environment types
     # Defines which deployment environments are available to the project
     environmentTypes:
-      - name: "dev"
+      - name: "dev"                               # Development environment
         deploymentTargetId: ""
-      - name: "staging"
+      - name: "staging"                           # Staging environment
         deploymentTargetId: ""
-      - name: "UAT"
+      - name: "UAT"                               # User Acceptance Testing environment
         deploymentTargetId: ""
 
     # Project-specific catalogs - repositories containing project configurations