Automated sync from private repo (2026-03-19) (#611)

* fix: scope Cosmos DB SQL role assignment to account level for Agents v2 (#84)

Replace three per-collection azurerm_cosmosdb_sql_role_assignment resources
(scoped to individual enterprise_memory collections) with a single assignment
scoped at the Cosmos DB account level. This is required for Agents v2 and
eliminates redundant per-collection definitions.

Affected templates:
- infrastructure-setup-terraform/15a-private-network-standard-agent-setup
- infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet

* Update README with correct parameters for deployment (#95)

* fixup: correct drift after commit replay

* Update sync state to 4144addd759b

---------

Co-authored-by: geabdluca <73857153+geabdluca@users.noreply.github.com>
Co-authored-by: AhmadAbdullah91 <91725950+AhmadAbdullah91@users.noreply.github.com>
Co-authored-by: foundry-samples-repo-sync[bot] <foundry-samples-repo-sync[bot]@users.noreply.github.com>

Author: 3 people

.github/.sync-sha

@@ -1 +1 @@
-560fc8afc9b55c70a8dd25d7b55335a4426fddef
+4144addd759bfc0271f88b62c3f4c945bebbc604

infrastructure/infrastructure-setup-bicep/31-customer-managed-keys-standard-agent/README.md

@@ -26,7 +26,7 @@ This Azure AI Foundry template demonstrates how to deploy AI Foundry with Agents
 Steps:
 1. Run the command above once to create the account and project without CMK.
    ```bash
-   az deployment group create --name "{DEPLOYMENT_NAME}" --resource-group "{RESOURCE_GROUP_NAME}" --template-file ./main.bicep --parameters azureKeyVaultName="{KEY_VAULT_NAME}" azureKeyName="{KEY_NAME}" azureKeyVersion="{KEY_VERSION}"
+   az deployment group create --name "{DEPLOYMENT_NAME}" --resource-group "{RESOURCE_GROUP_NAME}" --template-file ./main.bicep --parameters keyVaultName="{KEY_VAULT_NAME}" keyName="{KEY_NAME}" keyVersion="{KEY_VERSION}"
    ```
 1. Give account resource Key Vault Admin role, or more restricted get/wrap/unwrap key role assignments, on the Azure Key Vault. 
 1. Uncomment out the encryption section in the main.bicep file to update with CMK.

infrastructure/infrastructure-setup-terraform/15a-private-network-standard-agent-setup/code/main.tf

@@ -707,40 +707,16 @@ resource "azapi_resource" "ai_foundry_project_capability_host" {
   }
 }
 
-## Create the necessary data plane role assignments to the CosmosDb databases created by the AI Foundry Project
+## Create the necessary data plane role assignments to the CosmosDb account created by the AI Foundry Project
 ##
-resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp_user_thread_message_store" {
+resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp" {
   depends_on = [
     azapi_resource.ai_foundry_project_capability_host
   ]
-  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}userthreadmessage_dbsqlrole")
+  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}cosmosdb_dbsqlrole")
   resource_group_name = azurerm_resource_group.rg.name
   account_name        = azurerm_cosmosdb_account.cosmosdb.name
-  scope               = "${azurerm_cosmosdb_account.cosmosdb.id}/dbs/enterprise_memory/colls/${local.project_id_guid}-thread-message-store"
-  role_definition_id  = "${azurerm_cosmosdb_account.cosmosdb.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002"
-  principal_id        = azapi_resource.ai_foundry_project.output.identity.principalId
-}
-
-resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp_system_thread_name" {
-  depends_on = [
-    azurerm_cosmosdb_sql_role_assignment.cosmosdb_db_sql_role_aifp_user_thread_message_store
-  ]
-  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}systemthread_dbsqlrole")
-  resource_group_name = azurerm_resource_group.rg.name
-  account_name        = azurerm_cosmosdb_account.cosmosdb.name
-  scope               = "${azurerm_cosmosdb_account.cosmosdb.id}/dbs/enterprise_memory/colls/${local.project_id_guid}-system-thread-message-store"
-  role_definition_id  = "${azurerm_cosmosdb_account.cosmosdb.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002"
-  principal_id        = azapi_resource.ai_foundry_project.output.identity.principalId
-}
-
-resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp_entity_store_name" {
-  depends_on = [
-    azurerm_cosmosdb_sql_role_assignment.cosmosdb_db_sql_role_aifp_system_thread_name
-  ]
-  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}entitystore_dbsqlrole")
-  resource_group_name = azurerm_resource_group.rg.name
-  account_name        = azurerm_cosmosdb_account.cosmosdb.name
-  scope               = "${azurerm_cosmosdb_account.cosmosdb.id}/dbs/enterprise_memory/colls/${local.project_id_guid}-agent-entity-store"
+  scope               = azurerm_cosmosdb_account.cosmosdb.id
   role_definition_id  = "${azurerm_cosmosdb_account.cosmosdb.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002"
   principal_id        = azapi_resource.ai_foundry_project.output.identity.principalId
 }

infrastructure/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf

@@ -563,46 +563,18 @@ resource "azapi_resource" "ai_foundry_project_capability_host" {
   }
 }
 
-## Create the necessary data plane role assignments to the CosmosDb databases created by the AI Foundry Project
+## Create the necessary data plane role assignments to the CosmosDb account created by the AI Foundry Project
 ##
-resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp_user_thread_message_store" {
+resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp" {
   provider = azurerm.workload_subscription
 
   depends_on = [
     azapi_resource.ai_foundry_project_capability_host
   ]
-  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}userthreadmessage_dbsqlrole")
+  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}cosmosdb_dbsqlrole")
   resource_group_name = var.resource_group_name_resources
   account_name        = azurerm_cosmosdb_account.cosmosdb.name
-  scope               = "${azurerm_cosmosdb_account.cosmosdb.id}/dbs/enterprise_memory/colls/${local.project_id_guid}-thread-message-store"
-  role_definition_id  = "${azurerm_cosmosdb_account.cosmosdb.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002"
-  principal_id        = azapi_resource.ai_foundry_project.output.identity.principalId
-}
-
-resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp_system_thread_name" {
-  provider = azurerm.workload_subscription
-
-  depends_on = [
-    azurerm_cosmosdb_sql_role_assignment.cosmosdb_db_sql_role_aifp_user_thread_message_store
-  ]
-  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}systemthread_dbsqlrole")
-  resource_group_name = var.resource_group_name_resources
-  account_name        = azurerm_cosmosdb_account.cosmosdb.name
-  scope               = "${azurerm_cosmosdb_account.cosmosdb.id}/dbs/enterprise_memory/colls/${local.project_id_guid}-system-thread-message-store"
-  role_definition_id  = "${azurerm_cosmosdb_account.cosmosdb.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002"
-  principal_id        = azapi_resource.ai_foundry_project.output.identity.principalId
-}
-
-resource "azurerm_cosmosdb_sql_role_assignment" "cosmosdb_db_sql_role_aifp_entity_store_name" {
-  provider = azurerm.workload_subscription
-
-  depends_on = [
-    azurerm_cosmosdb_sql_role_assignment.cosmosdb_db_sql_role_aifp_system_thread_name
-  ]
-  name                = uuidv5("dns", "${azapi_resource.ai_foundry_project.name}${azapi_resource.ai_foundry_project.output.identity.principalId}entitystore_dbsqlrole")
-  resource_group_name = var.resource_group_name_resources
-  account_name        = azurerm_cosmosdb_account.cosmosdb.name
-  scope               = "${azurerm_cosmosdb_account.cosmosdb.id}/dbs/enterprise_memory/colls/${local.project_id_guid}-agent-entity-store"
+  scope               = azurerm_cosmosdb_account.cosmosdb.id
   role_definition_id  = "${azurerm_cosmosdb_account.cosmosdb.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002"
   principal_id        = azapi_resource.ai_foundry_project.output.identity.principalId
 }

samples/python/quickstart/chat-with-agent/quickstart-chat-with-agent.py

@@ -7,7 +7,7 @@
 
 # Create project and openai clients to call Foundry API
 project = AIProjectClient(
-    endpoint=FOUNDRY_PROJECT_ENDPOINT,
+    endpoint=PROJECT_ENDPOINT,
     credential=DefaultAzureCredential(),
 )
 openai = project.get_openai_client()
@@ -18,15 +18,15 @@
 # Chat with the agent to answer questions
 response = openai.responses.create(
     conversation=conversation.id,
-    extra_body={"agent_reference": {"name": FOUNDRY_AGENT_NAME, "type": "agent_reference"}},
+    extra_body={"agent_reference": {"name": AGENT_NAME, "type": "agent_reference"}},
     input="What is the size of France in square miles?",
 )
 print(response.output_text)
 
 # Ask a follow-up question in the same conversation
 response = openai.responses.create(
     conversation=conversation.id,
-    extra_body={"agent_reference": {"name": FOUNDRY_AGENT_NAME, "type": "agent_reference"}},
+    extra_body={"agent_reference": {"name": AGENT_NAME, "type": "agent_reference"}},
     input="And what is the capital city?",
 )
 print(response.output_text)

samples/python/quickstart/chat-with-agent/requirements.txt

@@ -1,4 +1,4 @@
 azure-ai-projects>=2.0.0a20250915020
 azure-identity
 python-dotenv
-openai
+openai

samples/python/quickstart/create-agent/quickstart-create-agent.py

@@ -20,4 +20,4 @@
         instructions="You are a helpful assistant that answers general questions",
     ),
 )
-print(f"Agent created (id: {agent.id}, name: {agent.name}, version: {agent.version})")
+print(f"Agent created (id: {agent.id}, name: {agent.name}, version: {agent.version})")

samples/python/quickstart/create-agent/requirements.txt

@@ -1,4 +1,4 @@
 azure-ai-projects>=2.0.0a20250915020
 azure-identity
 python-dotenv
-openai
+openai

samples/python/quickstart/responses/quickstart-responses.py

@@ -16,4 +16,4 @@
     model="gpt-5-mini",  # supports all Foundry direct models
     input="What is the size of France in square miles?",
 )
-print(f"Response output: {response.output_text}")
+print(f"Response output: {response.output_text}")

samples/python/quickstart/responses/requirements.txt

@@ -1,4 +1,4 @@
 azure-ai-projects>=2.0.0a20250915020
 azure-identity
 python-dotenv
-openai
+openai