Clean up

JeffreyCA · JeffreyCA · commit 19ab3d9fb4ee · 2025-05-09T18:21:20.000Z
diff --git a/cli/azd/internal/scaffold/resource_meta.go b/cli/azd/internal/scaffold/resource_meta.go
@@ -112,6 +112,12 @@ var Resources = []ResourceMeta{
 		},
 		RoleAssignments: RoleAssignments{
 			Write: []RoleAssignment{
+				{
+					Name:               "AzureAIDeveloper",
+					RoleDefinitionName: "Azure AI Developer",
+					RoleDefinitionId:   "64702f94-c441-49e6-a78b-ef80e0188fee",
+					Scope:              RoleAssignmentScopeGroup,
+				},
 				{
 					Name:               "CognitiveServicesUser",
 					RoleDefinitionName: "Cognitive Services User",
diff --git a/cli/azd/pkg/project/resources.go b/cli/azd/pkg/project/resources.go
@@ -115,7 +115,7 @@ func (r ResourceType) AzureResourceType() string {
 	case ResourceTypeKeyVault:
 		return "Microsoft.KeyVault/vaults"
 	case ResourceTypeAiProject:
-		return "Microsoft.MachineLearningServices/workspaces"
+		return "Microsoft.CognitiveServices/accounts/projects"
 	case ResourceTypeAiSearch:
 		return "Microsoft.Search/searchServices"
 	}
diff --git a/cli/azd/resources/scaffold/base/modules/ai-search-conn.bicep b/cli/azd/resources/scaffold/base/modules/ai-search-conn.bicep
@@ -33,3 +33,23 @@ resource aiServices 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' ex
     }
   }
 }
+
+resource projectSearchIndexDataContributorAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: search
+  name: guid(subscription().id, resourceGroup().id, aiServices::project.id, '8ebe5a00-799e-43f5-93ac-243d3dce84a7')
+  properties: {
+    principalId: aiServices::project.identity.principalId
+    principalType: 'ServicePrincipal'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '8ebe5a00-799e-43f5-93ac-243d3dce84a7')
+  }
+}
+
+resource projectSearchServiceContributorRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: search
+  name: guid(subscription().id, resourceGroup().id, aiServices::project.id, '7ca78c08-252a-4471-8644-bb5ff32d4ba0')
+  properties: {
+    principalId: aiServices::project.identity.principalId
+    principalType: 'ServicePrincipal'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0')
+  }
+}
diff --git a/cli/azd/resources/scaffold/templates/ai-project.bicept b/cli/azd/resources/scaffold/templates/ai-project.bicept
@@ -12,6 +12,9 @@ param envName string
 
 param deployments deploymentsType
 
+@description('Id of the user or app to assign application roles')
+param principalId string
+
 resource aiAccount 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
   name: 'ai-account-${resourceToken}'
   location: location
@@ -46,7 +49,7 @@ resource aiAccount 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
     }
   ]
 
-  resource account_name_project_name 'projects@2025-04-01-preview' = {
+  resource project 'projects' = {
     name: envName
     location: location
     identity: {
@@ -62,40 +65,30 @@ resource aiAccount 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
   }
 }
 
-resource projectAiDeveloperRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  scope: resourceGroup()
-  name: guid(subscription().id, resourceGroup().id, aiAccount::account_name_project_name.id, 'fd1bd22b-8476-40bc-a0bc-3260815545e9')
-  properties: {
-    principalId: aiAccount::account_name_project_name.identity.principalId
-    principalType: 'ServicePrincipal'
-    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'fd1bd22b-8476-40bc-a0bc-3260815545e9')
-  }
-}
-
-resource projectSearchIndexDataContributorAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+resource localUserAiDeveloperRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   scope: resourceGroup()
-  name: guid(subscription().id, resourceGroup().id, aiAccount::account_name_project_name.id, '8ebe5a00-799e-43f5-93ac-243d3dce84a7')
+  name: guid(subscription().id, resourceGroup().id, 'localUser', '64702f94-c441-49e6-a78b-ef80e0188fee')
   properties: {
-    principalId: aiAccount::account_name_project_name.identity.principalId
-    principalType: 'ServicePrincipal'
-    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '8ebe5a00-799e-43f5-93ac-243d3dce84a7')
+    principalId: principalId
+    principalType: 'User'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee')
   }
 }
 
-resource projectSearchServiceContributorRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+resource localUserCognitiveServicesUserRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   scope: resourceGroup()
-  name: guid(subscription().id, resourceGroup().id, aiAccount::account_name_project_name.id, '7ca78c08-252a-4471-8644-bb5ff32d4ba0')
+  name: guid(subscription().id, resourceGroup().id, 'localUser', 'a97b65f3-24c7-4388-baec-2e87135dc908')
   properties: {
-    principalId: aiAccount::account_name_project_name.identity.principalId
-    principalType: 'ServicePrincipal'
-    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0')
+    principalId: principalId
+    principalType: 'User'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908')
   }
 }
 
-output ENDPOINT string = aiAccount::account_name_project_name.properties.endpoints['AI Foundry API']
-output projectId string = aiAccount::account_name_project_name.id
+output ENDPOINT string = aiAccount::project.properties.endpoints['AI Foundry API']
+output projectId string = aiAccount::project.id
 output aiServicesAccountName string = aiAccount.name
-output aiServicesProjectName string = aiAccount::account_name_project_name.name
+output aiServicesProjectName string = aiAccount::project.name
 
 type deploymentsType = {
   @description('Specify the name of cognitive service account deployment.')
diff --git a/cli/azd/resources/scaffold/templates/main.bicept b/cli/azd/resources/scaffold/templates/main.bicept
@@ -72,11 +72,12 @@ module aiModelsDeploy 'ai-project.bicep' = {
     tags: tags
     location: aiDeploymentsLocation
     envName: environmentName
+    principalId: principalId
 {{- if .AiFoundryProject.Models }}
     deployments: [
       {{- range .AiFoundryProject.Models }}
       {
-        name: '{{bicepName .Name }}deployment'
+        name: '{{bicepName .Name }}Deployment'
         model: {
           name: '{{ .Name }}'
           format: '{{ .Format }}'
diff --git a/cli/azd/resources/scaffold/templates/resources.bicept b/cli/azd/resources/scaffold/templates/resources.bicept
@@ -889,6 +889,16 @@ resource {{bicepName .Name}}backendRoleAzureAIDeveloperRG 'Microsoft.Authorizati
     principalType: 'ServicePrincipal'
   }
 }
+
+resource {{bicepName .Name}}backendRoleCognitiveServicesUserRG 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+  name: guid(subscription().id, resourceGroup().id, {{bicepName .Name}}Identity.name, 'a97b65f3-24c7-4388-baec-2e87135dc908')
+  scope: resourceGroup()
+  properties: {
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908') 
+    principalId: {{bicepName .Name}}Identity.outputs.principalId
+    principalType: 'ServicePrincipal'
+  }
+}
 {{- end }}
 {{- end}}
 

Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ func (r ResourceType) AzureResourceType() string {`
`115`	`115`	`case ResourceTypeKeyVault:`
`116`	`116`	`return "Microsoft.KeyVault/vaults"`
`117`	`117`	`case ResourceTypeAiProject:`
`118`		`- return "Microsoft.MachineLearningServices/workspaces"`
	`118`	`+ return "Microsoft.CognitiveServices/accounts/projects"`
`119`	`119`	`case ResourceTypeAiSearch:`
`120`	`120`	`return "Microsoft.Search/searchServices"`
`121`	`121`	`}`