Skip to content

Commit 4f74e04

Browse files
howieleunghowieleung
committed
update
1 parent f88450d commit 4f74e04

File tree

3 files changed

+20
-12
lines changed

3 files changed

+20
-12
lines changed

.github/workflows/template-validation.yml

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ jobs:
1717
- uses: microsoft/[email protected]
1818
id: validation
1919
env:
20+
TEMPLATE_VALIDATION_MODE: true
2021
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
2122
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
2223
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
@@ -25,16 +26,12 @@ jobs:
2526
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2627
# Project-specific variables (matches azure-dev.yaml/azure.yaml/main.parameters.json)
2728
AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
28-
AZURE_AIHUB_NAME: ${{ vars.AZURE_AIHUB_NAME }}
29-
AZURE_AIPROJECT_NAME: ${{ vars.AZURE_AIPROJECT_NAME }}
3029
AZURE_AISERVICES_NAME: ${{ vars.AZURE_AISERVICES_NAME }}
3130
AZURE_SEARCH_SERVICE_NAME: ${{ vars.AZURE_SEARCH_SERVICE_NAME }}
3231
AZURE_APPLICATION_INSIGHTS_NAME: ${{ vars.AZURE_APPLICATION_INSIGHTS_NAME }}
3332
AZURE_CONTAINER_REGISTRY_NAME: ${{ vars.AZURE_CONTAINER_REGISTRY_NAME }}
34-
AZURE_KEYVAULT_NAME: ${{ vars.AZURE_KEYVAULT_NAME }}
3533
AZURE_STORAGE_ACCOUNT_NAME: ${{ vars.AZURE_STORAGE_ACCOUNT_NAME }}
3634
AZURE_LOG_ANALYTICS_WORKSPACE_NAME: ${{ vars.AZURE_LOG_ANALYTICS_WORKSPACE_NAME }}
37-
USE_CONTAINER_REGISTRY: ${{ vars.USE_CONTAINER_REGISTRY }}
3835
USE_APPLICATION_INSIGHTS: ${{ vars.USE_APPLICATION_INSIGHTS }}
3936
USE_SEARCH_SERVICE: ${{ vars.USE_SEARCH_SERVICE }}
4037
AZURE_AI_AGENT_NAME: ${{ vars.AZURE_AI_AGENT_NAME }}

infra/main.bicep

Lines changed: 16 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -116,8 +116,16 @@ param enableAzureMonitorTracing bool = false
116116
@description('Do we want to use the Azure Monitor tracing for GenAI content recording')
117117
param azureTracingGenAIContentRecordingEnabled bool = false
118118

119+
param templateValidationMode bool = false
120+
121+
@description('Random seed to be used during generation of new resources suffixes.')
122+
param seed string = newGuid()
123+
124+
var runnerPrincipalType = templateValidationMode? 'User' : 'ServicePrincipal'
125+
119126
var abbrs = loadJsonContent('./abbreviations.json')
120-
var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
127+
128+
var resourceToken = templateValidationMode? toLower(uniqueString(subscription().id, environmentName, location, seed)) : toLower(uniqueString(subscription().id, environmentName, location))
121129

122130
var tags = { 'azd-env-name': environmentName }
123131

@@ -299,7 +307,7 @@ module userRoleAzureAIDeveloper 'core/security/role.bicep' = {
299307
name: 'user-role-azureai-developer'
300308
scope: rg
301309
params: {
302-
principalType: 'User'
310+
principalType: runnerPrincipalType
303311
principalId: principalId
304312
roleDefinitionId: '64702f94-c441-49e6-a78b-ef80e0188fee'
305313
}
@@ -309,7 +317,7 @@ module userCognitiveServicesUser 'core/security/role.bicep' = if (empty(azureEx
309317
name: 'user-role-cognitive-services-user'
310318
scope: rg
311319
params: {
312-
principalType: 'User'
320+
principalType: runnerPrincipalType
313321
principalId: principalId
314322
roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908'
315323
}
@@ -319,7 +327,7 @@ module userAzureAIUser 'core/security/role.bicep' = if (empty(azureExistingAIPr
319327
name: 'user-role-azure-ai-user'
320328
scope: rg
321329
params: {
322-
principalType: 'User'
330+
principalType: runnerPrincipalType
323331
principalId: principalId
324332
roleDefinitionId: '53ca6127-db72-4b80-b1b0-d745d6d5456d'
325333
}
@@ -330,7 +338,7 @@ module userCognitiveServicesUser2 'core/security/role.bicep' = if (!empty(azure
330338
name: 'user-role-cognitive-services-user2'
331339
scope: existingProjectRG
332340
params: {
333-
principalType: 'User'
341+
principalType: runnerPrincipalType
334342
principalId: principalId
335343
roleDefinitionId: 'a97b65f3-24c7-4388-baec-2e87135dc908'
336344
}
@@ -391,7 +399,7 @@ module userRoleSearchIndexDataContributorRG 'core/security/role.bicep' = if (use
391399
name: 'user-role-azure-index-data-contributor-rg'
392400
scope: rg
393401
params: {
394-
principalType: 'User'
402+
principalType: runnerPrincipalType
395403
principalId: principalId
396404
roleDefinitionId: '8ebe5a00-799e-43f5-93ac-243d3dce84a7'
397405
}
@@ -401,7 +409,7 @@ module userRoleSearchIndexDataReaderRG 'core/security/role.bicep' = if (useSearc
401409
name: 'user-role-azure-index-data-reader-rg'
402410
scope: rg
403411
params: {
404-
principalType: 'User'
412+
principalType: runnerPrincipalType
405413
principalId: principalId
406414
roleDefinitionId: '1407120a-92aa-4202-b7e9-c0e197c71c8f'
407415
}
@@ -411,7 +419,7 @@ module userRoleSearchServiceContributorRG 'core/security/role.bicep' = if (useSe
411419
name: 'user-role-azure-search-service-contributor-rg'
412420
scope: rg
413421
params: {
414-
principalType: 'User'
422+
principalType: runnerPrincipalType
415423
principalId: principalId
416424
roleDefinitionId: '7ca78c08-252a-4471-8644-bb5ff32d4ba0'
417425
}

infra/main.parameters.json

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,9 @@
112112
},
113113
"azureTracingGenAIContentRecordingEnabled": {
114114
"value": "${AZURE_TRACING_GEN_AI_CONTENT_RECORDING_ENABLED=false}"
115+
},
116+
"templateValidationMode": {
117+
"value": "${TEMPLATE_VALIDATION_MODE=false}"
115118
}
116119
}
117120
}

0 commit comments

Comments
 (0)