v2.0.3

Added

• scripts/Invoke-PreflightChecks.ps1 — regional readiness block (issue #72): the existing preflight script now extends its read-only validation with a regional/subscription readiness pass, so any consumer of the landing zone (including Azure/gpt-rag) can delete its duplicated regional preflight wrapper. The new Test-RegionalReadiness function runs after the existing parameter/topology/Azure-resource checks and adds the following findings — driven entirely by the effective main.parameters.json so no consumer-specific logic lives in the script:
  • Subscription drift (AZ_SUB_DRIFT / AZ_LOGIN_REQUIRED) — when invoked from an azd preprovision hook (signal: AZURE_SUBSCRIPTION_ID present in the azd env), FAIL if the az CLI default subscription differs from the one recorded in the azd environment, or if az is not logged in at all. Skipped silently when run standalone (no azd env).
  • Provider/location support per resource type (<PREFIX>_NOT_IN_REGION FAIL, <PREFIX>_PROVIDER_UNREG FAIL, <PREFIX>_PROVIDER_LOOKUP WARN) — for every resource type the landing zone provisions: AI Search (Microsoft.Search/searchServices), Cosmos DB (Microsoft.DocumentDB/databaseAccounts), Container Apps environments (Microsoft.App/managedEnvironments), AI Foundry / Cognitive Services (Microsoft.CognitiveServices/accounts), Key Vault, Storage, App Configuration, Log Analytics, Application Insights. Each check is gated on the corresponding deploy* feature flag, with the same default-on semantics as main.parameters.json (so flags omitted from the file or env still trigger the check). Locations are resolved with the same location → aiFoundryLocation → cosmosLocation fallback chain used elsewhere in the templates.
  • Transient regional capacity warnings (SEARCH_CAPACITY, COSMOS_CAPACITY, ACA_WORKLOAD_PROFILE_CAPACITY) — WARN (non-blocking) for the resources known to occasionally fail at provision time even when the region lists them as supported: AI Search with InsufficientResourcesAvailable, Cosmos DB with ServiceUnavailable, Container Apps Environment workload-profile capacity in popular regions. The hint links to the companion docs page at https://azure.github.io/AI-Landing-Zones/bicep/regional-considerations/. These warnings exist because no reliable pre-create quota API is exposed for these signals — surfacing them as WARN gives operators clear context if provisioning later fails, rather than letting them interpret the failure as a template bug.
  • Jumpbox VM SKU availability (JUMPBOX_VM_NOT_FOUND / JUMPBOX_VM_RESTRICTED FAIL, JUMPBOX_VM_LOOKUP WARN) — when deployJumpbox=true (or the legacy umbrella deployVM=true), runs az vm list-skus --location <region> --size <vmSize> --all to confirm the requested vmSize is both offered and not restricted in the region for the current subscription.
  • AI model quota (MODEL_QUOTA_INSUFFICIENT FAIL, MODEL_QUOTA_OK PASS, MODEL_QUOTA_LOOKUP WARN) — when deployAiFoundry=true, iterates modelDeploymentList and calls az cognitiveservices usage list --location <aiFoundryLocation>. For every format=OpenAI entry, looks up OpenAI.<sku.name>.<model.name> in the usage response and verifies (limit - currentValue) >= sku.capacity. Aggregates all per-model failures into a single finding with the regional quota-increase URL in the hint.
  • Skippability — the new block honours the existing PREFLIGHT_SKIP=true emergency bypass and -SkipAzureLookups (offline/CI). Additionally, the new -SkipRegional switch and LZ_PREFLIGHT_REGIONAL_SKIP=true env var skip only this block while keeping the deterministic parameter/topology/CIDR/BYO checks running. WARN findings remain non-fatal unless -Strict is passed (unchanged exit-code contract: 0 pass, 1 fatal, 2 warnings-only under -Strict).
  • Tests — tests/scripts/Invoke-PreflightChecks.Tests.ps1 extended with smoke coverage for Get-NormalizedLocation, the LZ_PREFLIGHT_REGIONAL_SKIP skip path, the -SkipAzureLookups suppression, and the empty-location early-return. 28 assertions total (up from 22), still ~1s and zero Azure calls.