Deployment Changes for to pull ACR images from Marks ACR.

Author: TravisHilbert

content_packs/content_gen/agent_teams/content_gen.json

@@ -22,7 +22,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "CG_planning_agent",
@@ -39,7 +40,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "CG_research_agent",
@@ -56,7 +58,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "CG_text_content_agent",
@@ -73,7 +76,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "CG_image_content_agent",
@@ -90,7 +94,8 @@
       "toolbox_filter": "image",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "CG_compliance_agent",
@@ -107,7 +112,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     }
   ],
   "protected": false,

content_packs/contract_compliance/agent_teams/contract_compliance_team.json

@@ -25,7 +25,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -42,7 +43,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -59,7 +61,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     }
   ],
   "protected": false,

content_packs/example_pack/agent_teams/example_pack.json

@@ -22,7 +22,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "research_agent",
@@ -39,7 +40,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     }
   ],
   "description": "Reference pack: a tiny book recommender backed by a CSV-indexed AI Search.",

content_packs/hr_onboarding/agent_teams/hr.json

@@ -22,7 +22,8 @@
       "toolbox_filter": "hr",
       "user_responses": true,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -39,7 +40,8 @@
       "toolbox_filter": "tech_support",
       "user_responses": true,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     }
   ],
   "protected": false,

content_packs/marketing_press_release/agent_teams/marketing.json

@@ -22,7 +22,8 @@
       "toolbox_filter": "product",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -39,7 +40,8 @@
       "toolbox_filter": "marketing",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     }
   ],
   "protected": false,

content_packs/retail_customer/agent_teams/retail.json

@@ -22,7 +22,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": 0.2
+      "temperature": 0.2,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -39,7 +40,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": 0.2
+      "temperature": 0.2,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -56,7 +58,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     }
   ],
   "protected": false,

content_packs/rfp_evaluation/agent_teams/rfp_analysis_team.json

@@ -15,7 +15,7 @@
       "type": "summary",
       "name": "RfpSummaryAgent",
       "deployment_name": "gpt-4.1-mini",
-      "system_message":"You are the Summary Agent. You have access to an Azure AI Search index containing RFP and proposal documents. Always use the search tool to retrieve relevant documents before responding — do not ask the user to provide or upload documents. Your role is to read and synthesize RFP or proposal documents into clear, structured executive summaries. Focus on key clauses, deliverables, evaluation criteria, pricing terms, timelines, and obligations. Organize your output into sections such as Overview, Key Clauses, Deliverables, Terms, and Notable Conditions. Highlight unique or high-impact items that other agents (Risk or Compliance) should review. Be concise, factual, and neutral in tone.",
+      "system_message": "You are the Summary Agent. You have access to an Azure AI Search index containing RFP and proposal documents. Always use the search tool to retrieve relevant documents before responding — do not ask the user to provide or upload documents. Your role is to read and synthesize RFP or proposal documents into clear, structured executive summaries. Focus on key clauses, deliverables, evaluation criteria, pricing terms, timelines, and obligations. Organize your output into sections such as Overview, Key Clauses, Deliverables, Terms, and Notable Conditions. Highlight unique or high-impact items that other agents (Risk or Compliance) should review. Be concise, factual, and neutral in tone.",
       "description": "Summarizes RFP and contract documents into structured, easy-to-understand overviews.",
       "use_file_search": false,
       "vector_store_name": "",
@@ -25,7 +25,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -42,7 +43,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     },
     {
       "input_key": "",
@@ -59,7 +61,8 @@
       "toolbox_filter": "",
       "user_responses": false,
       "coding_tools": false,
-      "temperature": null
+      "temperature": null,
+      "icon": ""
     }
   ],
   "protected": false,

infra/main.bicep

@@ -27,6 +27,7 @@ param solutionUniqueText string = take(uniqueString(subscription().id, resourceG
   'northeurope'
   'southeastasia'
   'uksouth'
+  'westus3'
 ])
 param location string
 
@@ -35,7 +36,7 @@ var deployerInfo = deployer()
 var deployingUserPrincipalId = deployerInfo.objectId
 
 // Restricting deployment to only supported Azure OpenAI regions validated with GPT-4o model
-@allowed(['australiaeast', 'eastus2', 'francecentral', 'japaneast', 'norwayeast', 'swedencentral', 'uksouth', 'westus'])
+@allowed(['australiaeast', 'eastus2', 'francecentral', 'japaneast', 'norwayeast', 'swedencentral', 'uksouth', 'westus', 'westus3'])
 @metadata({
   azd: {
     type: 'location'
@@ -168,31 +169,37 @@ param virtualMachineAdminPassword string?
 // These parameters are changed for testing - please reset as part of publication
 
 @description('Optional. The Container Registry hostname where the docker images for the backend are located.')
-param backendContainerRegistryHostname string = 'biabcontainerreg.azurecr.io'
+param backendContainerRegistryHostname string = 'macaetas273cr.azurecr.io'
 
 @description('Optional. The Container Image Name to deploy on the backend.')
 param backendContainerImageName string = 'macaebackend'
 
 @description('Optional. The Container Image Tag to deploy on the backend.')
-param backendContainerImageTag string = 'latest_v4'
+param backendContainerImageTag string = 'v1.4.0'
 
 @description('Optional. The Container Registry hostname where the docker images for the frontend are located.')
-param frontendContainerRegistryHostname string = 'biabcontainerreg.azurecr.io'
+param frontendContainerRegistryHostname string = 'macaetas273cr.azurecr.io'
 
 @description('Optional. The Container Image Name to deploy on the frontend.')
 param frontendContainerImageName string = 'macaefrontend'
 
 @description('Optional. The Container Image Tag to deploy on the frontend.')
-param frontendContainerImageTag string = 'latest_v4'
+param frontendContainerImageTag string = 'v1.3.0'
 
 @description('Optional. The Container Registry hostname where the docker images for the MCP are located.')
-param MCPContainerRegistryHostname string = 'biabcontainerreg.azurecr.io'
+param MCPContainerRegistryHostname string = 'macaetas273cr.azurecr.io'
 
 @description('Optional. The Container Image Name to deploy on the MCP.')
 param MCPContainerImageName string = 'macaemcp'
 
 @description('Optional. The Container Image Tag to deploy on the MCP.')
-param MCPContainerImageTag string = 'latest_v4'
+param MCPContainerImageTag string = 'v1.2.0'
+
+@description('Optional. The name of the external ACR to grant AcrPull access to. Derived from the registry hostname.')
+param externalAcrName string = split(backendContainerRegistryHostname, '.')[0]
+
+@description('Optional. The resource group containing the external ACR. Required when ACR is in a different resource group.')
+param externalAcrResourceGroup string = 'rg-macaetas27-3'
 
 @description('Optional. Enable/Disable usage telemetry for module.')
 param enableTelemetry bool = true
@@ -229,6 +236,7 @@ var cosmosDbZoneRedundantHaRegionPairs = {
   southeastasia: 'eastasia'
   uksouth: 'westeurope'
   westeurope: 'northeurope'
+  westus3: 'westus'
 }
 // Paired location calculated based on 'location' parameter. This location will be used by applicable resources if `enableScalability` is set to `true`
 var cosmosDbHaLocation = cosmosDbZoneRedundantHaRegionPairs[location]
@@ -245,6 +253,7 @@ var replicaRegionPairs = {
   southeastasia: 'eastasia'
   uksouth: 'westeurope'
   westeurope: 'northeurope'
+  westus3: 'eastus'
 }
 var replicaLocation = replicaRegionPairs[location]
 
@@ -422,6 +431,19 @@ module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-id
     enableTelemetry: enableTelemetry
   }
 }
+
+// ========== ACR Pull Role Assignment ========== //
+// Grant the user-assigned identity AcrPull on the external container registry.
+var acrRoleTargetRg = !empty(externalAcrResourceGroup) ? externalAcrResourceGroup : resourceGroup().name
+module acrPullRole 'modules/acr-pull-role.bicep' = {
+  name: 'acrPullRoleAssignment-${externalAcrName}'
+  scope: resourceGroup(acrRoleTargetRg)
+  params: {
+    acrName: externalAcrName
+    principalId: userAssignedIdentity.outputs.principalId
+  }
+}
+
 // ========== Virtual Network ========== //
 // WAF best practices for virtual networks: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/virtual-network
 // WAF recommendations for networking and connectivity: https://learn.microsoft.com/en-us/azure/well-architected/security/networking
@@ -1282,13 +1304,20 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.11.2
 var containerAppResourceName = 'ca-${solutionSuffix}'
 module containerApp 'br/public:avm/res/app/container-app:0.18.1' = {
   name: take('avm.res.app.container-app.${containerAppResourceName}', 64)
+  dependsOn: [acrPullRole]
   params: {
     name: containerAppResourceName
     tags: tags
     location: location
     enableTelemetry: enableTelemetry
     environmentResourceId: containerAppEnvironment.outputs.resourceId
     managedIdentities: { userAssignedResourceIds: [userAssignedIdentity.outputs.resourceId] }
+    registries: [
+      {
+        server: backendContainerRegistryHostname
+        identity: userAssignedIdentity.outputs.resourceId
+      }
+    ]
     ingressTargetPort: 8000
     ingressExternal: true
     activeRevisionsMode: 'Single'
@@ -1469,13 +1498,20 @@ module containerApp 'br/public:avm/res/app/container-app:0.18.1' = {
 var containerAppMcpResourceName = 'ca-mcp-${solutionSuffix}'
 module containerAppMcp 'br/public:avm/res/app/container-app:0.18.1' = {
   name: take('avm.res.app.container-app.${containerAppMcpResourceName}', 64)
+  dependsOn: [acrPullRole]
   params: {
     name: containerAppMcpResourceName
     tags: tags
     location: location
     enableTelemetry: enableTelemetry
     environmentResourceId: containerAppEnvironment.outputs.resourceId
     managedIdentities: { userAssignedResourceIds: [userAssignedIdentity.outputs.resourceId] }
+    registries: [
+      {
+        server: MCPContainerRegistryHostname
+        identity: userAssignedIdentity.outputs.resourceId
+      }
+    ]
     ingressTargetPort: 9000
     ingressExternal: true
     activeRevisionsMode: 'Single'
@@ -1610,15 +1646,19 @@ module webServerFarm 'br/public:avm/res/web/serverfarm:0.5.0' = {
 var webSiteResourceName = 'app-${solutionSuffix}'
 module webSite 'modules/web-sites.bicep' = {
   name: take('module.web-sites.${webSiteResourceName}', 64)
+  dependsOn: [acrPullRole]
   params: {
     name: webSiteResourceName
     tags: tags
     location: location
     kind: 'app,linux,container'
     serverFarmResourceId: webServerFarm.?outputs.resourceId
+    managedIdentities: { userAssignedResourceIds: [userAssignedIdentity.outputs.resourceId] }
     siteConfig: {
       linuxFxVersion: 'DOCKER|${frontendContainerRegistryHostname}/${frontendContainerImageName}:${frontendContainerImageTag}'
       minTlsVersion: '1.2'
+      acrUseManagedIdentityCreds: true
+      acrUserManagedIdentityID: userAssignedIdentity.outputs.clientId
     }
     configs: [
       {