fix for disable local auth issues

Abdul-Microsoft · Abdul-Microsoft · commit 6b0b574e2109 · 2025-05-09T17:27:40.000+05:30
diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep
@@ -6,7 +6,7 @@ param gptModelName string
 param gptModelVersion string
 param managedIdentityObjectId string
 param aiServicesEndpoint string
-param aiServices object
+param aiServicesKey string
 param aiServicesId string
 
 var storageName = '${solutionName}hubstorage'
@@ -133,11 +133,8 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview'
     properties: {
       category: 'AIServices'
       target: aiServicesEndpoint
-      authType: 'ApiKey'
+      authType: 'AAD'
       isSharedToAll: true
-      credentials: {
-        key: aiServices.Key.key1
-      }
       metadata: {
         ApiType: 'Azure'
         ResourceId: aiServicesId
@@ -187,7 +184,7 @@ resource azureOpenAIApiKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-pr
   parent: keyVault
   name: 'AZURE-OPENAI-KEY'
   properties: {
-    value: aiServices.Key.key1 //aiServices_m.listKeys().key1
+    value: aiServicesKey //aiServices_m.listKeys().key1
   }
 }
 
@@ -251,7 +248,7 @@ resource cogServiceKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-previe
   parent: keyVault
   name: 'COG-SERVICES-KEY'
   properties: {
-    value: aiServices.Key.key1
+    value: aiServicesKey
   }
 }
 
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -168,7 +168,7 @@ module aifoundry 'deploy_ai_foundry.bicep' = {
     gptModelVersion: gptModelVersion
     managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
     aiServicesEndpoint: aiServices.properties.endpoint
-    aiServices: aiServices
+    aiServicesKey: aiServices.listKeys().key1
     aiServicesId: aiServices.id
   }
   scope: resourceGroup(resourceGroup().name)
@@ -462,6 +462,15 @@ resource aiDeveloperAccessProj 'Microsoft.Authorization/roleAssignments@2022-04-
   }
 }
 
+resource aiDevelopertoAIProject 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(aiServices.name, aiHubProject.id, aiDeveloper.id)
+  scope: aiServices
+  properties: {
+    roleDefinitionId: aiDeveloper.id
+    principalId: aiHubProject.identity.principalId
+  }
+}
+
 var cosmosAssignCli = 'az cosmosdb sql role assignment create --resource-group "${resourceGroup().name}" --account-name "${cosmos.name}" --role-definition-id "${cosmos::contributorRoleDefinition.id}" --scope "${cosmos.id}" --principal-id "${containerApp.identity.principalId}"'
 
 module managedIdentityModule 'deploy_managed_identity.bicep' = {
diff --git a/infra/main.json b/infra/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.35.1.17967",
-      "templateHash": "18228555099764132241"
+      "templateHash": "8798142813454376636"
     }
   },
   "parameters": {
@@ -546,6 +546,20 @@
         "containerApp"
       ]
     },
+    "aiDevelopertoAIProject": {
+      "type": "Microsoft.Authorization/roleAssignments",
+      "apiVersion": "2022-04-01",
+      "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', variables('aiServicesName'))]",
+      "name": "[guid(variables('aiServicesName'), resourceId('Microsoft.MachineLearningServices/workspaces', format('{0}-aiproject', parameters('prefix'))), resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee'))]",
+      "properties": {
+        "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee')]",
+        "principalId": "[reference('aiHubProject', '2024-01-01-preview', 'full').identity.principalId]"
+      },
+      "dependsOn": [
+        "aiHubProject",
+        "aiServices"
+      ]
+    },
     "kvault": {
       "type": "Microsoft.Resources/deployments",
       "apiVersion": "2022-09-01",
@@ -712,7 +726,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.35.1.17967",
-              "templateHash": "9490638595753234802"
+              "templateHash": "12578060348489775267"
             }
           },
           "parameters": {
@@ -767,11 +781,8 @@
               "properties": {
                 "category": "AIServices",
                 "target": "[parameters('aiServicesEndpoint')]",
-                "authType": "ApiKey",
+                "authType": "AAD",
                 "isSharedToAll": true,
-                "credentials": {
-                  "key": "[parameters('aiServicesKey')]"
-                },
                 "metadata": {
                   "ApiType": "Azure",
                   "ResourceId": "[parameters('aiServicesId')]"
