Merge branch 'dev' into ve-networkchanges

Author: Abdul-Microsoft

.github/workflows/deploy.yml

@@ -33,16 +33,16 @@ jobs:
 
       - name: Login to Azure
         run: |
-          az login --service-principal -u ${{ secrets.AZURE_MAINTENANCE_CLIENT_ID }} -p ${{ secrets.AZURE_MAINTENANCE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
-          az account set --subscription ${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}
+          az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
+          az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Run Quota Check
         id: quota-check
         run: |
-          export AZURE_MAINTENANCE_CLIENT_ID=${{ secrets.AZURE_MAINTENANCE_CLIENT_ID }}
+          export AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}
           export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
-          export AZURE_MAINTENANCE_CLIENT_SECRET=${{ secrets.AZURE_MAINTENANCE_CLIENT_SECRET }}
-          export AZURE_MAINTENANCE_SUBSCRIPTION_ID="${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}"
+          export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
+          export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
           export GPT_MIN_CAPACITY="100"
           export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}"
 
@@ -301,8 +301,8 @@ jobs:
 
       - name: Login to Azure
         run: |
-          az login --service-principal -u ${{ secrets.AZURE_MAINTENANCE_CLIENT_ID }} -p ${{ secrets.AZURE_MAINTENANCE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
-          az account set --subscription ${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}
+          az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
+          az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Delete Bicep Deployment
         if: always()
@@ -459,7 +459,7 @@ jobs:
             
             echo "Processing KeyVault: $keyvault_name"
             # Check if the KeyVault is soft-deleted
-            deleted_vaults=$(az keyvault list-deleted --query "[?name=='$keyvault_name']" -o json --subscription ${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }})
+            deleted_vaults=$(az keyvault list-deleted --query "[?name=='$keyvault_name']" -o json --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }})
 
             # If the KeyVault is found in the soft-deleted state, purge it
             if [ "$(echo "$deleted_vaults" | jq length)" -gt 0 ]; then

.github/workflows/test-automation.yml

@@ -31,8 +31,8 @@ jobs:
 
       - name: Login to Azure
         run: |
-          az login --service-principal -u ${{ secrets.AZURE_MAINTENANCE_CLIENT_ID }} -p ${{ secrets.AZURE_MAINTENANCE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
-          az account set --subscription ${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}
+          az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
+          az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Install dependencies
         run: |

azure.yaml

@@ -14,7 +14,10 @@ hooks:
   postprovision:
     posix:
       shell: sh
-      run: sed -i 's/\r$//' ./infra/scripts/post_deployment.sh; ./infra/scripts/post_deployment.sh
+      run: |  
+        sudo chmod u+r+x ./infra/scripts/post_deployment.sh
+        sed -i 's/\r$//' ./infra/scripts/post_deployment.sh
+        ./infra/scripts/post_deployment.sh
       interactive: true
     windows:
       shell: pwsh

infra/main.bicep

@@ -61,7 +61,10 @@ param publicContainerImageEndpoint string = 'cpscontainerreg.azurecr.io'
 @description('Optional. The resource group location.')
 param resourceGroupLocation string = resourceGroup().location
 
-@description('Optional. Enable WAF for the deployment.')
+@description('Optional. The resource name format string.')
+param resourceNameFormatString string = '{0}avm-cps'
+
+@description('Optional. Enable private networking for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false.')
 param enablePrivateNetworking bool = false
 
 @description('Optional. Enable/Disable usage telemetry for module.')
@@ -979,6 +982,7 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6
   params: {
     name: 'appcs-${solutionSuffix}'
     location: resourceGroupLocation
+    enablePurgeProtection: false
     tags: {
       app: solutionSuffix
       location: resourceGroupLocation

infra/scripts/checkquota.sh

@@ -3,15 +3,15 @@
 # List of Azure regions to check for quota (update as needed)
 IFS=', ' read -ra REGIONS <<< "$AZURE_REGIONS"
 
-SUBSCRIPTION_ID="${AZURE_MAINTENANCE_SUBSCRIPTION_ID}"
+SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
 GPT_MIN_CAPACITY="${GPT_MIN_CAPACITY}"
-AZURE_MAINTENANCE_CLIENT_ID="${AZURE_MAINTENANCE_CLIENT_ID}"
+AZURE_CLIENT_ID="${AZURE_CLIENT_ID}"
 AZURE_TENANT_ID="${AZURE_TENANT_ID}"
-AZURE_MAINTENANCE_CLIENT_SECRET="${AZURE_MAINTENANCE_CLIENT_SECRET}"
+AZURE_CLIENT_SECRET="${AZURE_CLIENT_SECRET}"
 
 # Authenticate using Managed Identity
 echo "Authentication using Managed Identity..."
-if ! az login --service-principal -u "$AZURE_MAINTENANCE_CLIENT_ID" -p "$AZURE_MAINTENANCE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"; then
+if ! az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"; then
    echo "❌ Error: Failed to login using Managed Identity."
    exit 1
 fi