From b7d69e0fb27e631f7547d06819e2a3ed0366f555 Mon Sep 17 00:00:00 2001 From: Ajit Padhi Date: Mon, 18 May 2026 12:39:09 +0530 Subject: [PATCH] Updated Foundry Roles name --- docs/LocalDevelopmentSetup.md | 8 ++--- infra/main.bicep | 4 +-- infra/main.json | 34 +++++++++---------- infra/main_custom.bicep | 4 +-- .../deploy_foundry_role_assignment.bicep | 4 +-- scripts/local_dev.ps1 | 10 +++--- scripts/local_dev.sh | 10 +++--- 7 files changed, 37 insertions(+), 37 deletions(-) diff --git a/docs/LocalDevelopmentSetup.md b/docs/LocalDevelopmentSetup.md index 5d73f7c44..5117e9b9d 100644 --- a/docs/LocalDevelopmentSetup.md +++ b/docs/LocalDevelopmentSetup.md @@ -441,14 +441,14 @@ az role assignment create ` --scope "/subscriptions//resourceGroups//providers/Microsoft.Storage/storageAccounts/" ``` -### Azure AI User Access Denied +### Foundry User Access Denied -The local dev script assigns the Azure AI User role automatically. If you still encounter issues, add manually: +The local dev script assigns the Foundry User role automatically. If you still encounter issues, add manually: ```bash # Linux/macOS az role assignment create \ - --role "Azure AI User" \ + --role "Foundry User" \ --assignee $(az ad signed-in-user show --query id -o tsv) \ --scope /subscriptions//resourceGroups//providers/Microsoft.CognitiveServices/accounts/ ``` @@ -456,7 +456,7 @@ az role assignment create \ ```powershell # Windows PowerShell az role assignment create ` - --role "Azure AI User" ` + --role "Foundry User" ` --assignee (az ad signed-in-user show --query id -o tsv) ` --scope "/subscriptions//resourceGroups//providers/Microsoft.CognitiveServices/accounts/" ``` diff --git a/infra/main.bicep b/infra/main.bicep index 3ea96ad4b..3ff9c8d31 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -559,7 +559,7 @@ module aiFoundryAiServices 'br/public:avm/res/cognitive-services/account:0.14.2' } roleAssignments: [ { - roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User + roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User principalId: userAssignedIdentity.outputs.principalId principalType: 'ServicePrincipal' } @@ -574,7 +574,7 @@ module aiFoundryAiServices 'br/public:avm/res/cognitive-services/account:0.14.2' principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User for deployer + roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User for deployer principalId: deployer().objectId } ] diff --git a/infra/main.json b/infra/main.json index 21b760672..5aa0d0c0a 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "8605178057902281640" + "version": "0.43.8.12551", + "templateHash": "12804908665994846581" }, "name": "Intelligent Content Generation Accelerator", "description": "Solution Accelerator for multimodal marketing content generation using Microsoft Agent Framework.\n" @@ -4847,8 +4847,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "5942055518457081505" + "version": "0.43.8.12551", + "templateHash": "10553796402276006272" } }, "parameters": { @@ -24883,8 +24883,8 @@ }, "dependsOn": [ "aiFoundryAiServices", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "virtualNetwork" ] }, @@ -24924,8 +24924,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "16893794525082731825" + "version": "0.43.8.12551", + "templateHash": "10492947109706449236" } }, "parameters": { @@ -25062,8 +25062,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "12916889556462137224" + "version": "0.43.8.12551", + "templateHash": "11951897391539128934" } }, "parameters": { @@ -25186,8 +25186,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "13520241640147571543" + "version": "0.43.8.12551", + "templateHash": "12839007615076660968" } }, "parameters": { @@ -42326,8 +42326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "10464081739325272474" + "version": "0.43.8.12551", + "templateHash": "1750084008268987068" } }, "definitions": { @@ -43365,8 +43365,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "904290865426801162" + "version": "0.43.8.12551", + "templateHash": "3262149826084752172" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting." @@ -44414,8 +44414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "12074733710352169882" + "version": "0.43.8.12551", + "templateHash": "4497918681275542632" } }, "parameters": { diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index 8591f2161..8263e1459 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -592,7 +592,7 @@ module aiFoundryAiServices 'br/public:avm/res/cognitive-services/account:0.14.2' } roleAssignments: [ { - roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User + roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User principalId: userAssignedIdentity.outputs.principalId principalType: 'ServicePrincipal' } @@ -607,7 +607,7 @@ module aiFoundryAiServices 'br/public:avm/res/cognitive-services/account:0.14.2' principalType: 'ServicePrincipal' } { - roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User for deployer + roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User for deployer principalId: deployer().objectId } ] diff --git a/infra/modules/deploy_foundry_role_assignment.bicep b/infra/modules/deploy_foundry_role_assignment.bicep index efe58e733..97cbbe5ea 100644 --- a/infra/modules/deploy_foundry_role_assignment.bicep +++ b/infra/modules/deploy_foundry_role_assignment.bicep @@ -23,7 +23,7 @@ param principalType string = 'ServicePrincipal' // ========== Role Definitions ========== // -// Azure AI User role - for AI Foundry project access (used by AIProjectClient for image generation) +// Foundry User role - for AI Foundry project access (used by AIProjectClient for image generation) resource azureAiUserRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { name: '53ca6127-db72-4b80-b1b0-d745d6d5456d' } @@ -48,7 +48,7 @@ resource existingAiProject 'Microsoft.CognitiveServices/accounts/projects@2025-1 // ========== Role Assignments ========== // -// Azure AI User role assignment - same as reference accelerator +// Foundry User role assignment - same as reference accelerator // Required for AIProjectClient (used for image generation in Foundry mode) resource assignAzureAiUserRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(existingAiServices.id, principalId, azureAiUserRole.id) diff --git a/scripts/local_dev.ps1 b/scripts/local_dev.ps1 index 58080ba02..62f6a8c4d 100644 --- a/scripts/local_dev.ps1 +++ b/scripts/local_dev.ps1 @@ -102,7 +102,7 @@ function Ensure-AzureLogin { } function Ensure-AzureAIUserRole { - Write-Info "Checking Azure AI User role..." + Write-Info "Checking Foundry User role..." # Get env vars $existingProjectId = $null @@ -135,15 +135,15 @@ function Ensure-AzureAIUserRole { $existing = az role assignment list --assignee $signedUserId --role $roleId --scope $scope --query "[0].id" -o tsv 2>$null if ($existing) { - Write-Success "Azure AI User role already assigned." + Write-Success "Foundry User role already assigned." } else { - Write-Info "Assigning Azure AI User role..." + Write-Info "Assigning Foundry User role..." az role assignment create --assignee $signedUserId --role $roleId --scope $scope --output none 2>$null if ($LASTEXITCODE -ne 0) { - Write-Error "Failed to assign Azure AI User role." + Write-Error "Failed to assign Foundry User role." exit 1 } - Write-Success "Azure AI User role assigned." + Write-Success "Foundry User role assigned." } } diff --git a/scripts/local_dev.sh b/scripts/local_dev.sh index 089028eee..30394c7ce 100644 --- a/scripts/local_dev.sh +++ b/scripts/local_dev.sh @@ -100,7 +100,7 @@ ensure_azure_login() { } ensure_azure_ai_user_role() { - print_info "Checking Azure AI User role..." + print_info "Checking Foundry User role..." local existing_project_id="" local foundry_resource_id="" @@ -131,14 +131,14 @@ ensure_azure_ai_user_role() { existing=$(MSYS_NO_PATHCONV=1 az role assignment list --assignee "$signed_user_id" --role "$role_id" --scope "$scope" --query "[0].id" -o tsv 2>/dev/null) if [ -n "$existing" ]; then - print_success "Azure AI User role already assigned." + print_success "Foundry User role already assigned." else - print_info "Assigning Azure AI User role..." + print_info "Assigning Foundry User role..." if ! MSYS_NO_PATHCONV=1 az role assignment create --assignee "$signed_user_id" --role "$role_id" --scope "$scope" --output none 2>/dev/null; then - print_error "Failed to assign Azure AI User role." + print_error "Failed to assign Foundry User role." exit 1 fi - print_success "Azure AI User role assigned." + print_success "Foundry User role assigned." fi }