24 commits
f218f2c
added dns for exisiting project
AjitPadhi-Microsoft Sep 25, 2025
d224d34
main json file added
AjitPadhi-Microsoft Sep 26, 2025
75ca62b
updated privet endpoint changes
AjitPadhi-Microsoft Sep 26, 2025
2493f2d
refactor: restructure network module by simplifying Bastion and Jumpb…
Abdul-Microsoft Oct 6, 2025
865c0c9
Fixed refference num and section generation issue
AjitPadhi-Microsoft Oct 6, 2025
e7cab4d
updated variable
AjitPadhi-Microsoft Oct 6, 2025
23b0d28
refactor: streamline virtual network and subnet configurations, enhan…
Abdul-Microsoft Oct 7, 2025
3331b9f
refactor: simplify comments in Bastion and Jumpbox modules for clarity
Abdul-Microsoft Oct 7, 2025
9cc3f4e
refactor: rename network security group names
Abdul-Microsoft Oct 7, 2025
033214e
refactor: consolidate Bastion and Jumpbox configurations into virtual…
Abdul-Microsoft Oct 7, 2025
a044e9e
added disable condition
AjitPadhi-Microsoft Oct 7, 2025
fd3461c
Merge pull request #578 from microsoft/PSL-BUG-24399
Roopan-Microsoft Oct 7, 2025
1967e41
Merge pull request #579 from microsoft/networkmodulechanges
Abdul-Microsoft Oct 8, 2025
6ce57fe
Merge remote-tracking branch 'origin/dev' into PSL-US-24017
AjitPadhi-Microsoft Oct 8, 2025
e6e5d43
Updated main json
AjitPadhi-Microsoft Oct 8, 2025
3bc99fc
Merge pull request #570 from microsoft/PSL-US-24017
Prajwal-Microsoft Oct 8, 2025
06ffc6d
added pydantic lib added with version
AjitPadhi-Microsoft Oct 8, 2025
38035a0
quotacheck fix
NirajC-Microsoft Oct 8, 2025
b426be2
Merge pull request #581 from microsoft/app-lib-fix
Prajwal-Microsoft Oct 8, 2025
4016ca5
Merge pull request #582 from microsoft/psl-quotacheck-fix-dg
Roopan-Microsoft Oct 10, 2025
e1ae409
reverted privet endpoint for existing project
AjitPadhi-Microsoft Oct 10, 2025
950268c
Merge pull request #584 from microsoft/revert-existing-project
Prajwal-Microsoft Oct 10, 2025
16ec8f9
Fix frontend failing tests
Oct 14, 2025
bbe902d
Merge pull request #587 from microsoft/fix-tests
Roopan-Microsoft Oct 14, 2025
171 changes: 151 additions & 20 deletions infra/main.bicep
Expand Up @@ -124,7 +124,7 @@ param enableRedundancy bool = false
param enablePrivateNetworking bool = false

@description('Optional. The Container Registry hostname where the docker images are located.')
param acrName string = 'byocgacontainerreg' // testapwaf
param acrName string = 'byocgacontainerreg'

@description('Optional. Image Tag.')
param imageTag string = 'latest_waf_2025-09-18_736'
Expand All @@ -138,7 +138,6 @@ param enablePurgeProtection bool = false
@description('Optional created by user name')
param createdBy string = contains(deployer(), 'userPrincipalName')? split(deployer().userPrincipalName, '@')[0]: deployer().objectId


// ============== //
// Variables //
// ============== //
Expand Down Expand Up @@ -369,17 +368,107 @@ module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-id
}
}

// ========== Network Module ========== //
module network 'modules/network.bicep' = if (enablePrivateNetworking) {
name: take('module.network.${solutionSuffix}', 64)
// ========== Virtual Network and Networking Components ========== //

// Virtual Network with NSGs and Subnets
module virtualNetwork 'modules/virtualNetwork.bicep' = if (enablePrivateNetworking) {
name: take('module.virtualNetwork.${solutionSuffix}', 64)
params: {
name: 'vnet-${solutionSuffix}'
addressPrefixes: ['10.0.0.0/20'] // 4096 addresses (enough for 8 /23 subnets or 16 /24)
location: solutionLocation
tags: tags
logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId
resourceSuffix: solutionSuffix
enableTelemetry: enableTelemetry
}
}

// Azure Bastion Host
var bastionHostName = 'bas-${solutionSuffix}'
module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePrivateNetworking) {
name: take('avm.res.network.bastion-host.${bastionHostName}', 64)
params: {
name: bastionHostName
skuName: 'Standard'
location: solutionLocation
virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
diagnosticSettings: [
{
name: 'bastionDiagnostics'
workspaceResourceId: logAnalyticsWorkspaceResourceId
logCategoriesAndGroups: [
{
categoryGroup: 'allLogs'
enabled: true
}
]
}
]
tags: tags
enableTelemetry: enableTelemetry
publicIPAddressObject: {
name: 'pip-${bastionHostName}'
zones: []
}
}
}

// Jumpbox Virtual Machine
var jumpboxVmName = take('vm-jumpbox-${solutionSuffix}', 15)
module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enablePrivateNetworking) {
name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64)
params: {
resourcesName: solutionSuffix
logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
vmSize: vmSize ?? 'Standard_DS2_v2' // Default VM size
name: take(jumpboxVmName, 15) // Shorten VM name to 15 characters to avoid Azure limits
vmSize: vmSize ?? 'Standard_DS2_v2'
location: solutionLocation
adminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
tags: tags
zone: 0
imageReference: {
offer: 'WindowsServer'
publisher: 'MicrosoftWindowsServer'
sku: '2019-datacenter'
version: 'latest'
}
osType: 'Windows'
osDisk: {
name: 'osdisk-${jumpboxVmName}'
managedDisk: {
storageAccountType: 'Standard_LRS'
}
}
encryptionAtHost: false // Some Azure subscriptions do not support encryption at host
nicConfigurations: [
{
name: 'nic-${jumpboxVmName}'
ipConfigurations: [
{
name: 'ipconfig1'
subnetResourceId: virtualNetwork!.outputs.jumpboxSubnetResourceId
}
]
diagnosticSettings: [
{
name: 'jumpboxDiagnostics'
workspaceResourceId: logAnalyticsWorkspaceResourceId
logCategoriesAndGroups: [
{
categoryGroup: 'allLogs'
enabled: true
}
]
metricCategories: [
{
category: 'AllMetrics'
enabled: true
}
]
}
]
}
]
enableTelemetry: enableTelemetry
}
}
Expand Down Expand Up @@ -425,8 +514,8 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [
enableTelemetry: enableTelemetry
virtualNetworkLinks: [
{
name: take('vnetlink-${network!.outputs.vnetName}-${split(zone, '.')[1]}', 80)
virtualNetworkResourceId: network!.outputs.vnetResourceId
name: take('vnetlink-${virtualNetwork!.outputs.name}-${split(zone, '.')[1]}', 80)
virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
}
]
}
Expand Down Expand Up @@ -479,6 +568,48 @@ module existingAiFoundryAiServicesDeployments 'modules/ai-services-deployments.b
}
}

// ========== Private Endpoint for Existing AI Services ========== //
// var shouldCreatePrivateEndpoint = useExistingAiFoundryAiProject && enablePrivateNetworking
// module existingAiServicesPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.0' = if (shouldCreatePrivateEndpoint) {
// name: take('module.private-endpoint.${existingAiFoundryAiServices.name}', 64)
// params: {
// name: 'pep-${existingAiFoundryAiServices.name}'
// location: location
// subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
// customNetworkInterfaceName: 'nic-${existingAiFoundryAiServices.name}'
// privateDnsZoneGroup: {
// privateDnsZoneGroupConfigs: [
// {
// name: 'ai-services-dns-zone-cognitiveservices'
// privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.cognitiveServices]!.outputs.resourceId
// }
// {
// name: 'ai-services-dns-zone-openai'
// privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.openAI]!.outputs.resourceId
// }
// {
// name: 'ai-services-dns-zone-aiservices'
// privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.aiServices]!.outputs.resourceId
// }
// ]
// }
// privateLinkServiceConnections: [
// {
// name: 'pep-${existingAiFoundryAiServices.name}'
// properties: {
// groupIds: ['account']
// privateLinkServiceId: existingAiFoundryAiServices.id
// }
// }
// ]
// tags: tags
// }
// dependsOn: [
// existingAiFoundryAiServices
// avmPrivateDnsZones
// ]
// }

module aiFoundryAiServices 'br:mcr.microsoft.com/bicep/avm/res/cognitive-services/account:0.13.2' = if (!useExistingAiFoundryAiProject) {
name: take('avm.res.cognitive-services.account.${aiFoundryAiServicesResourceName}', 64)
params: {
Expand Down Expand Up @@ -539,7 +670,7 @@ module aiFoundryAiServices 'br:mcr.microsoft.com/bicep/avm/res/cognitive-service
{
name: 'pep-${aiFoundryAiServicesResourceName}'
customNetworkInterfaceName: 'nic-${aiFoundryAiServicesResourceName}'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{
Expand Down Expand Up @@ -584,7 +715,7 @@ module aiFoundryAiServicesProject 'modules/ai-project.bicep' = if (!useExistingA
}

var aiFoundryAiProjectEndpoint = useExistingAiFoundryAiProject
? existingAiFoundryAiServicesProject!.properties.endpoints['AI Foundry API']
? 'https://${aiFoundryAiServicesResourceName}.services.ai.azure.com/api/projects/${aiFoundryAiProjectResourceName}'
: aiFoundryAiServicesProject!.outputs.apiEndpoint

// ========== Search Service to AI Services Role Assignment ========== //
Expand Down Expand Up @@ -666,7 +797,7 @@ module aiSearch 'br/public:avm/res/search/search-service:0.11.1' = {
{ privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.searchService]!.outputs.resourceId }
]
}
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
service: 'searchService'
}
]
Expand Down Expand Up @@ -756,7 +887,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
}
]
}
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
service: 'blob'
}
{
Expand All @@ -769,7 +900,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
}
]
}
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
service: 'queue'
}
]
Expand Down Expand Up @@ -833,7 +964,7 @@ module cosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = {
]
}
service: 'Sql'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
}
]
: []
Expand Down Expand Up @@ -899,7 +1030,7 @@ module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
]
}
service: 'vault'
subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
}
]
: []
Expand Down Expand Up @@ -1086,7 +1217,7 @@ module webSite 'modules/web-sites.bicep' = {
// WAF aligned configuration for Private Networking
vnetRouteAllEnabled: enablePrivateNetworking ? true : false
vnetImagePullEnabled: enablePrivateNetworking ? true : false
virtualNetworkSubnetId: enablePrivateNetworking ? network!.outputs.subnetWebResourceId : null
virtualNetworkSubnetId: enablePrivateNetworking ? virtualNetwork!.outputs.webSubnetResourceId : null
publicNetworkAccess: 'Enabled'
}
}
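Review bot: The jumpbox hunk keeps a hard-coded fallback credential on the new side, `adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'` (and `adminUsername: vmAdminUsername ?? 'JumpboxAdminUser'`), so any deployment that omits vmAdminPassword gets a VM on the private network with a password that is committed to the repository; the same fallback existed in the removed lines, but this rewrite was the place to drop it. Remove the `??` default for the password and make the parameter mandatory (and `@secure()`, if it is not already — the parameter declaration is outside this section), or have the caller supply it from a Key Vault reference, so the template fails fast rather than deploying a known secret. The `encryptionAtHost: false` line a few lines below is similar in spirit: the comment explains the subscription limitation, but a `param enableEncryptionAtHost bool` default would let environments that do support it opt in without editing the template. Separately, `var aiFoundryAiProjectEndpoint` now builds the endpoint from a fixed `'https://${aiFoundryAiServicesResourceName}.services.ai.azure.com/api/projects/${aiFoundryAiProjectResourceName}'` string instead of reading `endpoints['AI Foundry API']` from the existing resource; if the existing project's endpoint can differ from that pattern (custom domain, sovereign cloud), this silently points the app at the wrong host — worth a comment stating the assumption, e.g. `// Assumes the public-cloud AI Foundry endpoint format; confirm for existing projects with custom domains`.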