fix: merging dev to main

Author: Avijit-Microsoft

.github/workflows/validate-bicep-params.yml

@@ -33,9 +33,16 @@ jobs:
       - name: Validate infra/ parameters
         id: validate_infra
         continue-on-error: true
+        env:
+          ACCELERATOR_NAME: ${{ env.accelerator_name }}
         run: |
           set +e
-          python scripts/validate_bicep_params.py --dir infra --strict --no-color --json-output infra_results.json 2>&1 | tee infra_output.txt
+          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+          python scripts/validate_bicep_params.py --dir infra --strict --no-color \
+            --json-output infra_results.json \
+            --html-output email_body.html \
+            --accelerator-name "${ACCELERATOR_NAME}" \
+            --run-url "${RUN_URL}" 2>&1 | tee infra_output.txt
           EXIT_CODE=${PIPESTATUS[0]}
           set -e
           echo "## Infra Param Validation" >> "$GITHUB_STEP_SUMMARY"
@@ -60,24 +67,21 @@ jobs:
           name: bicep-validation-results
           path: |
             infra_results.json
+            email_body.html
           retention-days: 30
 
       - name: Send schedule notification on failure
         if: github.event_name == 'schedule' && steps.result.outputs.status == 'failure'
         env:
           LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
           ACCELERATOR_NAME: ${{ env.accelerator_name }}
         run: |
-          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
-          INFRA_OUTPUT=$(sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g' infra_output.txt)
+          EMAIL_BODY=$(cat email_body.html)
 
           jq -n \
             --arg name "${ACCELERATOR_NAME}" \
-            --arg infra "$INFRA_OUTPUT" \
-            --arg url "$RUN_URL" \
-            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Issues Detected"), body: ("<p>Dear Team,</p><p>The scheduled <strong>Bicep Parameter Validation</strong> for <strong>" + $name + "</strong> has detected parameter mapping errors.</p><p><strong>infra/ Results:</strong></p><pre>" + $infra + "</pre><p><strong>Run URL:</strong> <a href=\"" + $url + "\">" + $url + "</a></p><p>Please fix the parameter mapping issues at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>")}' \
+            --arg body "$EMAIL_BODY" \
+            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Issues Detected"), body: $body}' \
             | curl -X POST "${LOGICAPP_URL}" \
               -H "Content-Type: application/json" \
               -d @- || echo "Failed to send notification"
@@ -86,18 +90,14 @@ jobs:
         if: github.event_name == 'schedule' && steps.result.outputs.status == 'success'
         env:
           LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
           ACCELERATOR_NAME: ${{ env.accelerator_name }}
         run: |
-          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
-          INFRA_OUTPUT=$(sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g' infra_output.txt)
+          EMAIL_BODY=$(cat email_body.html)
 
           jq -n \
             --arg name "${ACCELERATOR_NAME}" \
-            --arg infra "$INFRA_OUTPUT" \
-            --arg url "$RUN_URL" \
-            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Passed"), body: ("<p>Dear Team,</p><p>The scheduled <strong>Bicep Parameter Validation</strong> for <strong>" + $name + "</strong> has completed successfully. All parameter mappings are valid.</p><p><strong>infra/ Results:</strong></p><pre>" + $infra + "</pre><p><strong>Run URL:</strong> <a href=\"" + $url + "\">" + $url + "</a></p><p>Best regards,<br>Your Automation Team</p>")}' \
+            --arg body "$EMAIL_BODY" \
+            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Passed"), body: $body}' \
             | curl -X POST "${LOGICAPP_URL}" \
               -H "Content-Type: application/json" \
               -d @- || echo "Failed to send notification"

README.md

@@ -183,8 +183,6 @@ Ensures consistent query translation across the organization.
 
 ### Security guidelines
 
-This template uses Azure Key Vault for use by AI Foundry.
-
 This template uses [Managed Identity](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview) for all Azure service communication.
 
 To ensure continued best practices in your own repository, we recommend that anyone creating solutions based on our templates ensure that the [Github secret scanning](https://docs.github.com/code-security/secret-scanning/about-secret-scanning) setting is enabled.

docs/images/add_authentication/app_reg_2.png

@@ -331,7 +331,6 @@ var privateDnsZones = [
   'privatelink.openai.azure.com'
   'privatelink.services.ai.azure.com'
   'privatelink.documents.azure.com'
-  'privatelink.vaultcore.azure.net'
   'privatelink.blob.${environment().suffixes.storage}'
   'privatelink.file.${environment().suffixes.storage}'
   'privatelink.monitor.azure.com'                       // Azure Monitor global endpoints (App Insights, DCE)
@@ -346,13 +345,12 @@ var dnsZoneIndex = {
   openAI: 1
   aiServices: 2
   cosmosDB: 3
-  keyVault: 4
-  storageBlob: 5
-  storageFile: 6
-  monitor: 7
-  oms: 8
-  ods: 9
-  agentSvc: 10
+  storageBlob: 4
+  storageFile: 5
+  monitor: 6
+  oms: 7
+  ods: 8
+  agentSvc: 9
 }
 
 // ===================================================
@@ -854,34 +852,6 @@ module storageAccount 'modules/storageAccount.bicep' = {
   }
 }
 
-module keyVault 'modules/keyVault.bicep' = {
-  name: take('module.keyVault.${solutionSuffix}', 64)
-  #disable-next-line no-unnecessary-dependson
-  dependsOn: [logAnalyticsWorkspace, virtualNetwork] // required due to optional flags that could change dependency
-  params: {
-    name: take('kv-${solutionSuffix}', 24)
-    location: location
-    sku: 'standard'
-    logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
-    privateNetworking: enablePrivateNetworking
-      ? {
-          virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
-          subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
-          privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.keyVault]!.outputs.resourceId
-        }
-      : null
-    roleAssignments: [
-      {
-        principalId: aiServices.outputs.?systemAssignedMIPrincipalId ?? appIdentity.outputs.principalId
-        principalType: 'ServicePrincipal'
-        roleDefinitionIdOrName: 'Key Vault Administrator'
-      }
-    ]
-    tags: allTags
-    enableTelemetry: enableTelemetry
-  }
-}
-
 module cosmosDb 'modules/cosmosDb.bicep' = {
   name: take('module.cosmosDb.${solutionSuffix}', 64)
   #disable-next-line no-unnecessary-dependson