Merge pull request #919 from microsoft/PSL-US-43670

refactor: Updated Foundry Roles name

Author: AjitPadhi-Microsoft

documents/LocalDevelopmentSetup.md

@@ -389,10 +389,10 @@ Write-Host $PRINCIPAL_ID
 #### Azure AI Foundry & OpenAI Access
 
 ```bash
-# Assign Azure AI User role
+# Assign Foundry User role
 az role assignment create \
   --assignee $PRINCIPAL_ID \
-  --role "Azure AI User" \
+  --role "Foundry User" \
   --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.MachineLearningServices/workspaces/<ai-foundry-name>"
 
 # Assign Cognitive Services OpenAI User role

infra/main.bicep

@@ -729,12 +729,12 @@ module aiFoundryAiServices 'modules/ai-services.bicep' = {
     managedIdentities: { userAssignedResourceIds: [userAssignedIdentity!.outputs.resourceId] } //To create accounts or projects, you must enable a managed identity on your resource
     roleAssignments: [
       {
-        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
+        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
         principalId: userAssignedIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
       }
       {
-        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
+        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
         principalId: backendUserAssignedIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
       }

infra/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.43.8.12551",
-      "templateHash": "9558335949477141360"
+      "templateHash": "1762309424496235679"
     }
   },
   "parameters": {
@@ -396,7 +396,7 @@
     "sqlServerResourceName": "[format('sql-{0}', variables('solutionSuffix'))]",
     "sqlDbModuleName": "[format('sqldb-{0}', variables('solutionSuffix'))]",
     "webServerFarmResourceName": "[format('asp-{0}', variables('solutionSuffix'))]",
-    "reactAppLayoutConfig": "{\r\n  \"appConfig\": {\r\n    \"THREE_COLUMN\": {\r\n      \"DASHBOARD\": 50,\r\n      \"CHAT\": 33,\r\n      \"CHATHISTORY\": 17\r\n    },\r\n    \"TWO_COLUMN\": {\r\n      \"DASHBOARD_CHAT\": {\r\n        \"DASHBOARD\": 65,\r\n        \"CHAT\": 35\r\n      },\r\n      \"CHAT_CHATHISTORY\": {\r\n        \"CHAT\": 80,\r\n        \"CHATHISTORY\": 20\r\n      }\r\n    }\r\n  },\r\n  \"charts\": [\r\n    {\r\n      \"id\": \"SATISFIED\",\r\n      \"name\": \"Satisfied\",\r\n      \"type\": \"card\",\r\n      \"layout\": { \"row\": 1, \"column\": 1, \"height\": 11 }\r\n    },\r\n    {\r\n      \"id\": \"TOTAL_CALLS\",\r\n      \"name\": \"Total Calls\",\r\n      \"type\": \"card\",\r\n      \"layout\": { \"row\": 1, \"column\": 2, \"span\": 1 }\r\n    },\r\n    {\r\n      \"id\": \"AVG_HANDLING_TIME\",\r\n      \"name\": \"Average Handling Time\",\r\n      \"type\": \"card\",\r\n      \"layout\": { \"row\": 1, \"column\": 3, \"span\": 1 }\r\n    },\r\n    {\r\n      \"id\": \"SENTIMENT\",\r\n      \"name\": \"Topics Overview\",\r\n      \"type\": \"donutchart\",\r\n      \"layout\": { \"row\": 2, \"column\": 1, \"width\": 40, \"height\": 44.5 }\r\n    },\r\n    {\r\n      \"id\": \"AVG_HANDLING_TIME_BY_TOPIC\",\r\n      \"name\": \"Average Handling Time By Topic\",\r\n      \"type\": \"bar\",\r\n      \"layout\": { \"row\": 2, \"column\": 2, \"row-span\": 2, \"width\": 60 }\r\n    },\r\n    {\r\n      \"id\": \"TOPICS\",\r\n      \"name\": \"Trending Topics\",\r\n      \"type\": \"table\",\r\n      \"layout\": { \"row\": 3, \"column\": 1, \"span\": 2 }\r\n    },\r\n    {\r\n      \"id\": \"KEY_PHRASES\",\r\n      \"name\": \"Key Phrases\",\r\n      \"type\": \"wordcloud\",\r\n      \"layout\": { \"row\": 3, \"column\": 2, \"height\": 44.5 }\r\n    }\r\n  ]\r\n}",
+    "reactAppLayoutConfig": "{\n  \"appConfig\": {\n    \"THREE_COLUMN\": {\n      \"DASHBOARD\": 50,\n      \"CHAT\": 33,\n      \"CHATHISTORY\": 17\n    },\n    \"TWO_COLUMN\": {\n      \"DASHBOARD_CHAT\": {\n        \"DASHBOARD\": 65,\n        \"CHAT\": 35\n      },\n      \"CHAT_CHATHISTORY\": {\n        \"CHAT\": 80,\n        \"CHATHISTORY\": 20\n      }\n    }\n  },\n  \"charts\": [\n    {\n      \"id\": \"SATISFIED\",\n      \"name\": \"Satisfied\",\n      \"type\": \"card\",\n      \"layout\": { \"row\": 1, \"column\": 1, \"height\": 11 }\n    },\n    {\n      \"id\": \"TOTAL_CALLS\",\n      \"name\": \"Total Calls\",\n      \"type\": \"card\",\n      \"layout\": { \"row\": 1, \"column\": 2, \"span\": 1 }\n    },\n    {\n      \"id\": \"AVG_HANDLING_TIME\",\n      \"name\": \"Average Handling Time\",\n      \"type\": \"card\",\n      \"layout\": { \"row\": 1, \"column\": 3, \"span\": 1 }\n    },\n    {\n      \"id\": \"SENTIMENT\",\n      \"name\": \"Topics Overview\",\n      \"type\": \"donutchart\",\n      \"layout\": { \"row\": 2, \"column\": 1, \"width\": 40, \"height\": 44.5 }\n    },\n    {\n      \"id\": \"AVG_HANDLING_TIME_BY_TOPIC\",\n      \"name\": \"Average Handling Time By Topic\",\n      \"type\": \"bar\",\n      \"layout\": { \"row\": 2, \"column\": 2, \"row-span\": 2, \"width\": 60 }\n    },\n    {\n      \"id\": \"TOPICS\",\n      \"name\": \"Trending Topics\",\n      \"type\": \"table\",\n      \"layout\": { \"row\": 3, \"column\": 1, \"span\": 2 }\n    },\n    {\n      \"id\": \"KEY_PHRASES\",\n      \"name\": \"Key Phrases\",\n      \"type\": \"wordcloud\",\n      \"layout\": { \"row\": 3, \"column\": 2, \"height\": 44.5 }\n    }\n  ]\n}",
     "backendWebSiteResourceName": "[format('api-{0}', variables('solutionSuffix'))]",
     "webSiteResourceName": "[format('app-{0}', variables('solutionSuffix'))]"
   },
@@ -29627,9 +29627,9 @@
       },
       "dependsOn": [
         "aiFoundryAiServices",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
         "virtualNetwork"
       ]
     },
@@ -39943,10 +39943,10 @@
         }
       },
       "dependsOn": [
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageDfs)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageFile)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageDfs)]",
         "userAssignedIdentity",
         "virtualNetwork"
       ]

infra/main_custom.bicep

@@ -713,12 +713,12 @@ module aiFoundryAiServices 'modules/ai-services.bicep' = {
     managedIdentities: { userAssignedResourceIds: [userAssignedIdentity!.outputs.resourceId] } //To create accounts or projects, you must enable a managed identity on your resource
     roleAssignments: [
       {
-        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
+        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
         principalId: userAssignedIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
       }
       {
-        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
+        roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
         principalId: backendUserAssignedIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
       }

infra/scripts/run_create_agents_scripts.sh

@@ -284,26 +284,26 @@ else
     exit 1
 fi
 
-# Check if the principal has Azure AI User role on the AI Foundry
+# Check if the principal has Foundry User role on the AI Foundry
 role_assignment=$(MSYS_NO_PATHCONV=1 az role assignment list \
   --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" \
   --scope "$aiFoundryResourceId" \
   --assignee "$signed_user_id" \
   --query "[].roleDefinitionId" -o tsv)
 
 if [ -z "$role_assignment" ]; then
-    echo "✓ Assigning Azure AI User role for AI Foundry"
+    echo "✓ Assigning Foundry User role for AI Foundry"
     MSYS_NO_PATHCONV=1 az role assignment create \
       --assignee "$signed_user_id" \
       --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" \
       --scope "$aiFoundryResourceId" \
       --output none
     if [ $? -ne 0 ]; then
-        echo "✗ Failed to assign Azure AI User role for AI Foundry"
+        echo "✗ Failed to assign Foundry User role for AI Foundry"
         exit 1
     fi
 else
-    echo "✓ Principal already has the Azure AI User role"
+    echo "✓ Principal already has the Foundry User role"
 fi
 
 

infra/scripts/run_create_index_scripts.sh

@@ -74,13 +74,13 @@ fi
 
 # Note: Environment variables are now passed as parameters from process_sample_data.sh
 
-### Assign Azure AI User role to the signed in user for AI Foundry ###
+### Assign Foundry User role to the signed in user for AI Foundry ###
 role_assignment=$(MSYS_NO_PATHCONV=1 az role assignment list --role 53ca6127-db72-4b80-b1b0-d745d6d5456d --scope $aif_resource_id --assignee $signed_user_id --query "[].roleDefinitionId" -o tsv)
 if [ -z "$role_assignment" ]; then
-    echo "✓ Assigning Azure AI User role for AI Foundry"
+    echo "✓ Assigning Foundry User role for AI Foundry"
     MSYS_NO_PATHCONV=1 az role assignment create --assignee $signed_user_id --role 53ca6127-db72-4b80-b1b0-d745d6d5456d --scope $aif_resource_id --output none
     if [ $? -ne 0 ]; then
-        echo "✗ Failed to assign Azure AI User role for AI Foundry"
+        echo "✗ Failed to assign Foundry User role for AI Foundry"
         exit 1
     fi
 fi

src/start.cmd

@@ -192,21 +192,21 @@ call az sql server ad-admin create ^
     --output tsv >nul 2>&1
 echo Azure SQL Server AAD admin role assigned successfully.
 
-REM Assign Azure AI User role
-echo Checking Azure AI User role assignment...
+REM Assign Foundry User role
+echo Checking Foundry User role assignment...
 if not defined EXISTING_AI_PROJECT_RESOURCE_ID (
     echo Using AI Foundry account scope...
     FOR /F "delims=" %%i IN ('az role assignment list --assignee %signed_user_id% --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" --scope "/subscriptions/%subscription_id%/resourceGroups/%AZURE_RESOURCE_GROUP%/providers/Microsoft.CognitiveServices/accounts/%AI_FOUNDRY_NAME%" --query "[0].id" -o tsv') DO set "aiUserRoleExists=%%i"
     if defined aiUserRoleExists (
-        echo User already has the Azure AI User role.
+        echo User already has the Foundry User role.
     ) else (
-        echo Assigning Azure AI User role to AI Foundry account...
+        echo Assigning Foundry User role to AI Foundry account...
         call az role assignment create ^
             --assignee %signed_user_id% ^
             --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" ^
             --scope "/subscriptions/%subscription_id%/resourceGroups/%AZURE_RESOURCE_GROUP%/providers/Microsoft.CognitiveServices/accounts/%AI_FOUNDRY_NAME%" ^
             --output none
-        echo Azure AI User role assigned successfully.
+        echo Foundry User role assigned successfully.
     )
 ) else (
     echo Extracting foundry scope from existing AI project resource ID...
@@ -216,15 +216,15 @@ if not defined EXISTING_AI_PROJECT_RESOURCE_ID (
     echo Using foundry scope from existing project: !FOUNDRY_SCOPE!
     FOR /F "delims=" %%i IN ('az role assignment list --assignee %signed_user_id% --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" --scope "!FOUNDRY_SCOPE!" --query "[0].id" -o tsv') DO set "aiUserRoleExists=%%i"
     if defined aiUserRoleExists (
-        echo User already has the Azure AI User role.
+        echo User already has the Foundry User role.
     ) else (
-        echo Assigning Azure AI User role to foundry account...
+        echo Assigning Foundry User role to foundry account...
         call az role assignment create ^
             --assignee %signed_user_id% ^
             --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" ^
             --scope "!FOUNDRY_SCOPE!" ^
             --output none
-        echo Azure AI User role assigned successfully.
+        echo Foundry User role assigned successfully.
     )
 )
 

src/start.sh

@@ -163,8 +163,8 @@ setup_environment() {
         --output tsv >/dev/null 2>&1
     echo "Azure SQL Server AAD admin role assigned successfully."
 
-    # Assign Azure AI User role
-    echo "Checking Azure AI User role assignment..."
+    # Assign Foundry User role
+    echo "Checking Foundry User role assignment..."
     if [ -z "$EXISTING_AI_PROJECT_RESOURCE_ID" ]; then
         echo "Using AI Foundry account scope..."
         echo "AI Foundry Name: $AI_FOUNDRY_NAME"
@@ -195,15 +195,15 @@ setup_environment() {
             --query "[0].id" -o tsv)
 
         if [ -n "$aiUserRoleExists" ]; then
-            echo "User already has the Azure AI User role."
+            echo "User already has the Foundry User role."
         else
-            echo "Assigning Azure AI User role to AI Foundry account..."
+            echo "Assigning Foundry User role to AI Foundry account..."
             az role assignment create \
                 --assignee "$signed_user_id" \
                 --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" \
                 --scope "$foundryExists" \
                 --output none
-            echo "Azure AI User role assigned successfully."
+            echo "Foundry User role assigned successfully."
         fi
     else
         echo "Extracting foundry scope from existing AI project resource ID..."
@@ -223,15 +223,15 @@ setup_environment() {
             --query "[0].id" -o tsv)
 
         if [ -n "$aiUserRoleExists" ]; then
-            echo "User already has the Azure AI User role."
+            echo "User already has the Foundry User role."
         else
-            echo "Assigning Azure AI User role to foundry account..."
+            echo "Assigning Foundry User role to foundry account..."
             az role assignment create \
                 --assignee "$signed_user_id" \
                 --role "53ca6127-db72-4b80-b1b0-d745d6d5456d" \
                 --scope "$FOUNDRY_SCOPE" \
                 --output none
-            echo "Azure AI User role assigned successfully."
+            echo "Foundry User role assigned successfully."
         fi
     fi