fix-model-endpoint-save - Fixed model endpoint save so that it uses the azure_environment variable to determine default management cloud.

[chadpalmer]

This pull request addresses a bug where model endpoint saves could incorrectly persist the auth.management_cloud field as public when the cloud selector was hidden in the Admin UI. The update ensures that the management cloud setting always aligns with the AZURE_ENVIRONMENT variable when the field is not user-editable, preventing token audience and scope mismatches for government environments. The release notes and functional tests have also been updated to reflect and verify this behavior.

Bug Fixes: Model Endpoint Management Cloud Enforcement

Enforced management_cloud alignment with AZURE_ENVIRONMENT in normalize_model_endpoints, ensuring the field cannot be set to an incorrect default when the admin UI does not expose cloud selection. This includes new helper functions _get_default_management_cloud_from_environment and _is_management_cloud_user_editable in functions_settings.py. [1] [2]
Added a focused functional test (test_model_endpoint_management_cloud_default.py) to verify that hidden admin UI paths cannot persist incorrect management_cloud defaults.
Documentation

Updated release notes in release_notes.md to describe the bug fix and the new normalization guard for model endpoint management cloud enforcement.
Versioning

Bumped application version to 0.241.008 in config.py.

[chadpalmer]

@paullizer @Bionic711 I just opened this PR yesterday and I saw the workflow note and link, but I don't see the button it is referring to. Is there anything else I need to do on my end for this PR? Please let me know. Thanks, and have a great afternoon!

[Bionic711]

@chadpalmer Reach out to me on Teams when you have some time. I want to better understand what you were seeing. The only time the cloud designation should have impacted anything was in a cross-cloud scenario. You may have also missed the custom cloud scenario in the code (I only see gob and public which skips AGC).

[chadpalmer]

@chadpalmer Reach out to me on Teams when you have some time. I want to better understand what you were seeing. The only time the cloud designation should have impacted anything was in a cross-cloud scenario. You may have also missed the custom cloud scenario in the code (I only see gob and public which skips AGC).

Hi @Bionic711, sorry for the delay. I was at my father's funeral earlier this week. I work at DHS and don't have access to your Teams account for setting up a meeting. Is there a different way I can meet with you to go over this issue? Joshua Wilshere would also like to join us in the meeting. Please let me know. Thanks, and have a great afternoon!