Updating RBAC for all Standard Setup Templates (#402)

* updating with new role assignment

* updating templates

* updating rbac for standard setup

Author: fosteramanda

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/azuredeploy.json

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.39.26.7824",
-      "templateHash": "1725231348910266693"
+      "templateHash": "3024624923779287280"
     }
   },
   "parameters": {
@@ -2629,7 +2629,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.39.26.7824",
-              "templateHash": "16291470712974205281"
+              "templateHash": "17187611271934567223"
             }
           },
           "parameters": {
@@ -2651,7 +2651,7 @@
           },
           "variables": {
             "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', parameters('cosmosAccountName'), '00000000-0000-0000-0000-000000000002')]",
-            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
+            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
           },
           "resources": [
             {

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/cosmos-container-role-assignments.bicep

@@ -8,24 +8,11 @@ param projectPrincipalId string
 
 param projectWorkspaceId string
 
-// var userThreadName = '${projectWorkspaceId}-thread-message-store'
-
 resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' existing = {
   name: cosmosAccountName
   scope: resourceGroup()
 }
 
-// // Reference existing database
-// resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
-//   parent: cosmosAccount
-//   name: 'enterprise_memory'
-// }
-
-// resource containerUserMessageStore  'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
-//   parent: database
-//   name: userThreadName
-// }
-
 var roleDefinitionId = resourceId(
   'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', 
   cosmosAccountName, 
@@ -43,4 +30,3 @@ resource containerRoleAssignmentUserContainer 'Microsoft.DocumentDB/databaseAcco
     scope: accountScope
   }
 }
-

samples/microsoft/infrastructure-setup/16-private-network-standard-agent-apim-setup-preview/azuredeploy.json

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.39.26.7824",
-      "templateHash": "13333646941739374884"
+      "templateHash": "12031247753870237603"
     }
   },
   "parameters": {
@@ -2770,7 +2770,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.39.26.7824",
-              "templateHash": "16291470712974205281"
+              "templateHash": "17187611271934567223"
             }
           },
           "parameters": {
@@ -2792,7 +2792,7 @@
           },
           "variables": {
             "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', parameters('cosmosAccountName'), '00000000-0000-0000-0000-000000000002')]",
-            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
+            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
           },
           "resources": [
             {

samples/microsoft/infrastructure-setup/16-private-network-standard-agent-apim-setup-preview/modules-network-secured/cosmos-container-role-assignments.bicep

@@ -8,24 +8,11 @@ param projectPrincipalId string
 
 param projectWorkspaceId string
 
-// var userThreadName = '${projectWorkspaceId}-thread-message-store'
-
 resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' existing = {
   name: cosmosAccountName
   scope: resourceGroup()
 }
 
-// // Reference existing database
-// resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
-//   parent: cosmosAccount
-//   name: 'enterprise_memory'
-// }
-
-// resource containerUserMessageStore  'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
-//   parent: database
-//   name: userThreadName
-// }
-
 var roleDefinitionId = resourceId(
   'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', 
   cosmosAccountName, 
@@ -43,4 +30,3 @@ resource containerRoleAssignmentUserContainer 'Microsoft.DocumentDB/databaseAcco
     scope: accountScope
   }
 }
-

samples/microsoft/infrastructure-setup/17-private-network-standard-user-assigned-identity-agent-setup/azuredeploy.json

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.39.26.7824",
-      "templateHash": "1485106587909607955"
+      "templateHash": "290789416224749131"
     }
   },
   "parameters": {
@@ -2737,7 +2737,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.39.26.7824",
-              "templateHash": "16291470712974205281"
+              "templateHash": "17187611271934567223"
             }
           },
           "parameters": {
@@ -2759,7 +2759,7 @@
           },
           "variables": {
             "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', parameters('cosmosAccountName'), '00000000-0000-0000-0000-000000000002')]",
-            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
+            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
           },
           "resources": [
             {

samples/microsoft/infrastructure-setup/17-private-network-standard-user-assigned-identity-agent-setup/modules-network-secured/cosmos-container-role-assignments.bicep

@@ -8,24 +8,11 @@ param projectPrincipalId string
 
 param projectWorkspaceId string
 
-// var userThreadName = '${projectWorkspaceId}-thread-message-store'
-
 resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' existing = {
   name: cosmosAccountName
   scope: resourceGroup()
 }
 
-// // Reference existing database
-// resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
-//   parent: cosmosAccount
-//   name: 'enterprise_memory'
-// }
-
-// resource containerUserMessageStore  'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
-//   parent: database
-//   name: userThreadName
-// }
-
 var roleDefinitionId = resourceId(
   'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', 
   cosmosAccountName, 
@@ -43,4 +30,3 @@ resource containerRoleAssignmentUserContainer 'Microsoft.DocumentDB/databaseAcco
     scope: accountScope
   }
 }
-

samples/microsoft/infrastructure-setup/31-customer-managed-keys-standard-agent/main.json

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.39.26.7824",
-      "templateHash": "5355284057522929069"
+      "templateHash": "9028717141391138763"
     }
   },
   "parameters": {
@@ -1194,7 +1194,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.39.26.7824",
-              "templateHash": "11286754940754531283"
+              "templateHash": "8346749807649424278"
             }
           },
           "parameters": {
@@ -1213,7 +1213,7 @@
           },
           "variables": {
             "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', parameters('cosmosAccountName'), '00000000-0000-0000-0000-000000000002')]",
-            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
+            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
           },
           "resources": [
             {

samples/microsoft/infrastructure-setup/31-customer-managed-keys-standard-agent/modules-standard/cosmos-container-role-assignments.bicep

@@ -6,25 +6,11 @@ param cosmosAccountName string
 @description('Project name')
 param projectPrincipalId string
 
-
-// var userThreadName = '${projectWorkspaceId}-thread-message-store'
-
 resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' existing = {
   name: cosmosAccountName
   scope: resourceGroup()
 }
 
-// // Reference existing database
-// resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
-//   parent: cosmosAccount
-//   name: 'enterprise_memory'
-// }
-
-// resource containerUserMessageStore  'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
-//   parent: database
-//   name: userThreadName
-// }
-
 var roleDefinitionId = resourceId(
   'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', 
   cosmosAccountName, 

samples/microsoft/infrastructure-setup/41-standard-agent-setup/azuredeploy.json

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.39.26.7824",
-      "templateHash": "7504975286451014433"
+      "templateHash": "7659596839548579132"
     }
   },
   "parameters": {
@@ -1337,7 +1337,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.39.26.7824",
-              "templateHash": "16291470712974205281"
+              "templateHash": "17187611271934567223"
             }
           },
           "parameters": {
@@ -1359,7 +1359,7 @@
           },
           "variables": {
             "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', parameters('cosmosAccountName'), '00000000-0000-0000-0000-000000000002')]",
-            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
+            "accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
           },
           "resources": [
             {

samples/microsoft/infrastructure-setup/41-standard-agent-setup/modules-standard/cosmos-container-role-assignments.bicep

@@ -8,24 +8,11 @@ param projectPrincipalId string
 
 param projectWorkspaceId string
 
-// var userThreadName = '${projectWorkspaceId}-thread-message-store'
-
 resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' existing = {
   name: cosmosAccountName
   scope: resourceGroup()
 }
 
-// // Reference existing database
-// resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
-//   parent: cosmosAccount
-//   name: 'enterprise_memory'
-// }
-
-// resource containerUserMessageStore  'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
-//   parent: database
-//   name: userThreadName
-// }
-
 var roleDefinitionId = resourceId(
   'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', 
   cosmosAccountName,