refactor: update parameter names and improve subnet delegation in Bicep files

Abdul-Microsoft · Abdul-Microsoft · commit 33763ed460da · 2025-10-22T16:33:26.000+05:30
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -140,7 +140,7 @@ jobs:
             --template-file infra/main.bicep \
             --parameters \
                 solutionName="${{ env.SOLUTION_PREFIX }}" \
-                aiDeploymentsLocation='${{ env.AZURE_LOCATION }}' \
+                azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \
                 capacity=${{ env.GPT_MIN_CAPACITY }} \
                 imageVersion="${IMAGE_TAG}" \
                 createdBy="Pipeline" \
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -245,7 +245,7 @@ var privateDnsZones = [
   'privatelink.documents.azure.com'
   'privatelink.vaultcore.azure.net'
   'privatelink.blob.${environment().suffixes.storage}'
-  'privatelink.queue.${environment().suffixes.storage}'
+  'privatelink.file.${environment().suffixes.storage}'
 ]
  
 // DNS Zone Index Constants
@@ -256,7 +256,7 @@ var dnsZoneIndex = {
   cosmosDB: 3
   keyVault: 4
   storageBlob: 5
-  storageQueue: 6
+  storageFile: 6
 }
 
 // ===================================================
@@ -267,7 +267,7 @@ var dnsZoneIndex = {
 @batchSize(5)
 module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [
   for (zone, i) in privateDnsZones: if (enablePrivateNetworking) {
-    name: 'avm.res.network.private-dns-zone.${split(zone, '.')[1]}.${solutionSuffix}'
+    name: take('avm.res.network.private-dns-zone.${split(zone, '.')[1]}.${solutionSuffix}', 64)
     params: {
       name: zone
       tags: allTags
@@ -403,7 +403,7 @@ module aiServices 'modules/ai-foundry/aifoundry.bicep' = {
     managedIdentities: {
       systemAssigned: true
     }
-    publicNetworkAccess: 'Enabled'
+    publicNetworkAccess: 'Disabled'
     networkAcls: {
       bypass: 'AzureServices'
       defaultAction: 'Allow'
@@ -448,7 +448,7 @@ module storageAccount 'modules/storageAccount.bicep' = {
           virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
           subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
           blobPrivateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.storageBlob]!.outputs.resourceId
-          filePrivateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.storageQueue]!.outputs.resourceId
+          filePrivateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.storageFile]!.outputs.resourceId
         }
       : null
     containers: [
diff --git a/infra/modules/virtualNetwork.bicep b/infra/modules/virtualNetwork.bicep
@@ -2,7 +2,7 @@
 // Networking - NSGs, VNET and Subnets. Each subnet has its own NSG
 /****************************************************************************************************************************/
 @description('Name of the virtual network.')
-param name string 
+param name string
 
 @description('Azure region to deploy resources.')
 param location string = resourceGroup().location
@@ -15,7 +15,7 @@ param subnets subnetType[] = [
   {
     name: 'web'
     addressPrefixes: ['10.0.0.0/23'] // /23 (10.0.0.0 - 10.0.1.255), 512 addresses
-    delegation: 'Microsoft.Web/serverFarms'
+    delegation: 'Microsoft.App/environments'
     networkSecurityGroup: {
       name: 'nsg-web'
       securityRules: [
@@ -41,8 +41,8 @@ param subnets subnetType[] = [
             protocol: '*'
             sourcePortRange: '*'
             destinationPortRange: '*'
-            sourceAddressPrefixes: ['10.0.0.0/23']
-            destinationAddressPrefixes: ['10.0.0.0/23']
+            sourceAddressPrefixes: ['10.0.0.0/23'] // From same subnet
+            destinationAddressPrefixes: ['10.0.0.0/23'] // To same subnet
           }
         }
         {
@@ -280,10 +280,18 @@ output subnets subnetOutputType[] = [
 ]
 
 // Dynamic outputs for individual subnets for backward compatibility
-output webSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'web') ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'web')] : ''
-output pepsSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'peps') ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'peps')] : ''
-output bastionSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'AzureBastionSubnet') ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'AzureBastionSubnet')] : ''
-output jumpboxSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'jumpbox') ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'jumpbox')] : ''
+output webSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'web')
+  ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'web')]
+  : ''
+output pepsSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'peps')
+  ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'peps')]
+  : ''
+output bastionSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'AzureBastionSubnet')
+  ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'AzureBastionSubnet')]
+  : ''
+output jumpboxSubnetResourceId string = contains(map(subnets, subnet => subnet.name), 'jumpbox')
+  ? virtualNetwork.outputs.subnetResourceIds[indexOf(map(subnets, subnet => subnet.name), 'jumpbox')]
+  : ''
 
 @export()
 @description('Custom type definition for subnet resource information as output')
@@ -307,8 +315,8 @@ type subnetType = {
   @description('Required. The Name of the subnet resource.')
   name: string
 
-  @description('Required. Prefixes for the subnet.')  // Required to ensure at least one prefix is provided
-  addressPrefixes: string[]   
+  @description('Required. Prefixes for the subnet.') // Required to ensure at least one prefix is provided
+  addressPrefixes: string[]
 
   @description('Optional. The delegation to enable on the subnet.')
   delegation: string?
