Merge pull request #128 from Rafi-Microsoft/psl-vmpasswordfix

Roopan-Microsoft · web-flow · commit 20473078eaa1 · 2026-04-09T22:09:07.000+05:30
fix: Set functional default VM admin password and credential params
diff --git a/docs/ACCESSING_PRIVATE_RESOURCES.md b/docs/ACCESSING_PRIVATE_RESOURCES.md
@@ -18,9 +18,9 @@ azd env get-values | grep jumpVm
 
 # Or in Azure Portal:
 # 1. Navigate to your resource group
-# 2. Find the VM (usually named like "vm-jump-<env>")
+# 2. Find the VM resource created for the jump box
 # 3. Click "Connect" → "Bastion"
-# 4. Enter the username and password (auto-generated during deployment)
+# 4. Enter the username and password you set via VM_ADMIN_USERNAME / VM_ADMIN_PASSWORD
 ```
 
 ### 2. From Jump VM, Access Private Services
@@ -169,7 +169,13 @@ You can configure services without private endpoints by modifying individual ser
 
 ### Jump VM credentials unknown
 
-Credentials are auto-generated during deployment. To reset:
+If you did not set the credentials before deployment, use the top-layer defaults or reset them:
+
+- Username: `VM_ADMIN_USERNAME` environment variable, or `vmUserName` in [infra/main.bicepparam](../infra/main.bicepparam)
+- Default username when unset: `testvmuser`
+- Password: `VM_ADMIN_PASSWORD` environment variable, or `vmAdminPassword` in [infra/main.bicepparam](../infra/main.bicepparam)
+
+To reset:
 
 ```bash
 az vm user update \
diff --git a/docs/deploy_app_from_foundry.md b/docs/deploy_app_from_foundry.md
@@ -24,7 +24,7 @@ Since all resources are deployed with private endpoints, you must access Microso
 2. Navigate to your resource group
 3. Select the **Jump VM** (Windows Virtual Machine)
 4. Click **Connect** → **Bastion**
-5. Enter the VM credentials (set during deployment)
+5. Enter the VM credentials you configured in the top layer (`VM_ADMIN_USERNAME` / `VM_ADMIN_PASSWORD`, or [infra/main.bicepparam](../infra/main.bicepparam))
 6. Once connected, open a browser and navigate to [Microsoft Foundry](https://ai.azure.com)
 
 ### 2. Configure Your Playground
diff --git a/docs/deploymentguide.md b/docs/deploymentguide.md
@@ -202,8 +202,22 @@ Edit `infra/main.bicepparam` or set environment variables:
 | `postgreSqlNetworkIsolation` | PostgreSQL private networking toggle (defaults to `networkIsolation`) | `networkIsolation` |
 | `useExistingVNet` | Reuse an existing VNet | `false` |
 | `existingVnetResourceId` | Existing VNet resource ID (when `useExistingVNet=true`) | `` |
-| `vmUserName` | Jump box VM admin username | `` |
-| `vmAdminPassword` | Jump box VM admin password | (prompted) |
+| `vmUserName` | Jump box VM admin username | `VM_ADMIN_USERNAME` env var or `testvmuser` |
+| `vmAdminPassword` | Jump box VM admin password | `VM_ADMIN_PASSWORD` env var |
+
+For network-isolated deployments, set the VM credentials before running `azd up`:
+
+```powershell
+azd env set VM_ADMIN_USERNAME "youradminuser"
+azd env set VM_ADMIN_PASSWORD "Use-A-Strong-Password-Here!"
+```
+
+If you prefer source-controlled defaults, set them in [infra/main.bicepparam](../infra/main.bicepparam) instead:
+
+```bicep
+param vmUserName = 'youradminuser'
+param vmAdminPassword = 'Use-A-Strong-Password-Here!'
+```
 
 </details>
 
diff --git a/docs/post_deployment_steps.md b/docs/post_deployment_steps.md
@@ -209,9 +209,10 @@ For network-isolated deployments, use Azure Bastion to access resources:
 
    ![Image showing bastion blade](../img/provisioning/checkNetworkIsolation7.png)
 
-4. Enter the VM admin credentials (set during deployment) and click **Connect**
-   - Admin username: `vmUserName` in [infra/main.bicep](../infra/main.bicep)
-   - Admin password: `vmAdminPassword` in [infra/main.bicepparam](../infra/main.bicepparam) (defaults to the `VM_ADMIN_PASSWORD` environment variable)
+4. Enter the VM admin credentials and click **Connect**
+   - Admin username: `vmUserName` in [infra/main.bicepparam](../infra/main.bicepparam) or the `VM_ADMIN_USERNAME` environment variable
+   - Admin password: `vmAdminPassword` in [infra/main.bicepparam](../infra/main.bicepparam) or the `VM_ADMIN_PASSWORD` environment variable
+   - If `vmUserName` is not set in the top layer, the effective default is `testvmuser`
    - If you do not have them, reset the password in **Azure Portal** → **Virtual machine** → **Reset password**.
 
    ![Image showing bastion login](../img/provisioning/checkNetworkIsolation8.png)
diff --git a/infra/main.bicepparam b/infra/main.bicepparam
@@ -204,7 +204,8 @@ param containerAppsList = [
   }
 ]
 
-param vmAdminPassword = readEnvironmentVariable('VM_ADMIN_PASSWORD', '$(secretOrRandomPassword)')
+param vmUserName = readEnvironmentVariable('VM_ADMIN_USERNAME', 'testvmuser')
+param vmAdminPassword = readEnvironmentVariable('VM_ADMIN_PASSWORD', 'JumpboxAdminP@ssw0rd1234!')
 param vmSize = 'Standard_D2s_v4'
 
 // ========================================

Original file line number	Diff line number	Diff line change
`@@ -204,7 +204,8 @@ param containerAppsList = [`
`204`	`204`	`}`
`205`	`205`	`]`
`206`	`206`
`207`		`-param vmAdminPassword = readEnvironmentVariable('VM_ADMIN_PASSWORD', '$(secretOrRandomPassword)')`
	`207`	`+param vmUserName = readEnvironmentVariable('VM_ADMIN_USERNAME', 'testvmuser')`
	`208`	`+param vmAdminPassword = readEnvironmentVariable('VM_ADMIN_PASSWORD', 'JumpboxAdminP@ssw0rd1234!')`
`208`	`209`	`param vmSize = 'Standard_D2s_v4'`
`209`	`210`
`210`	`211`	`// ========================================`