feat: Refactor principal type and ID handling in workflow and parameter files

Author: Harmanpreet-Microsoft

.github/workflows/azd-template-validation.yml

@@ -26,12 +26,6 @@ jobs:
         run: |
           yq -i 'del(.hooks.postprovision[] | select(.run == "./submodules/ai-landing-zone/bicep/scripts/postprovision.ps1"))' azure.yaml
 
-      # Set principalType to ServicePrincipal for CI/CD deployment
-      - name: Configure bicepparam for service principal
-        run: |
-          sed -i "s/param principalType = 'User'/param principalType = readEnvironmentVariable('principalType', 'User')/" infra/main.bicepparam
-          sed -i "s/param principalId = ''/param principalId = readEnvironmentVariable('principalId', '')/" infra/main.bicepparam
-
       - uses: microsoft/template-validation-action@Latest
         with:
           validateAzd: ${{ vars.TEMPLATE_VALIDATE_AZD }}
@@ -46,7 +40,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TEMP: /tmp
           fabricCapacityMode: 'none'
-          principalId: ${{ vars.PRINCIPAL_ID || secrets.AZURE_CLIENT_ID }}
-          principalType: 'ServicePrincipal'
+          AZURE_PRINCIPAL_ID: ${{ vars.PRINCIPAL_ID || secrets.AZURE_CLIENT_ID }}
+          AZURE_PRINCIPAL_TYPE: 'ServicePrincipal'
       - name: print result
         run: cat ${{ steps.validation.outputs.resultFile }}

.github/workflows/azure-dev.yml

@@ -30,10 +30,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           submodules: recursive
-      - name: Configure bicepparam for service principal
-        run: |
-          sed -i "s/param principalType = 'User'/param principalType = readEnvironmentVariable('principalType', 'User')/" infra/main.bicepparam
-          sed -i "s/param principalId = ''/param principalId = readEnvironmentVariable('principalId', '')/" infra/main.bicepparam
       - name: Install azd
         uses: Azure/setup-azd@v2
       - name: Azure Developer CLI Login
@@ -84,8 +80,8 @@ jobs:
           
           # Set environment variables
           azd env set AZURE_RESOURCE_GROUP "$RESOURCE_GROUP"
-          azd env set principalType ServicePrincipal
-          azd env set principalId $principalId
+          azd env set AZURE_PRINCIPAL_TYPE ServicePrincipal
+          azd env set AZURE_PRINCIPAL_ID $principalId
           azd env set fabricWorkspaceMode none
       - name: Provision Infrastructure
         id: provision-main

infra/main.bicepparam

@@ -9,7 +9,7 @@ param location = readEnvironmentVariable('AZURE_LOCATION', '')
 param cosmosLocation = readEnvironmentVariable('AZURE_COSMOS_LOCATION', '')
 // Entra object ID of the identity to grant RBAC (user, group, service principal, or UAI). Set this if Graph lookup is blocked.
 param principalId = readEnvironmentVariable('AZURE_PRINCIPAL_ID', '')
-param principalType = 'User'
+param principalType = readEnvironmentVariable('AZURE_PRINCIPAL_TYPE', 'User')
 
 // ========================================
 // OPTIONAL INPUTS (Existing Resources)