Merge pull request #224 from microsoft/psl-fixPrincipalTypeIssue

Prajwal-Microsoft · web-flow · commit 279aced61d08 · 2025-07-22T14:43:10.000+05:30
fix: add principalType as 'ServicePrincipal' for role assignments
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -447,6 +447,7 @@ module avmKeyVault './modules/key-vault.bicep' = {
       {
         principalId: avmManagedIdentity.outputs.principalId
         roleDefinitionIdOrName: 'Key Vault Administrator'
+        principalType: 'ServicePrincipal'
       }
     ]
     enablePurgeProtection: false
@@ -503,6 +504,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
       {
         principalId: avmManagedIdentity.outputs.principalId
         roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+        principalType: 'ServicePrincipal'
       }
       {
         roleDefinitionIdOrName: 'Storage Blob Data Contributor'
@@ -598,6 +600,7 @@ module avmAiServices 'modules/account/main.bicep' = {
       {
         principalId: avmManagedIdentity.outputs.principalId
         roleDefinitionIdOrName: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635' // Owner role
+        principalType: 'ServicePrincipal'
       }
       {
         principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId!
@@ -1089,14 +1092,17 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6
       {
         principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId!
         roleDefinitionIdOrName: 'App Configuration Data Reader'
+        principalType: 'ServicePrincipal'
       }
       {
         principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId!
         roleDefinitionIdOrName: 'App Configuration Data Reader'
+        principalType: 'ServicePrincipal'
       }
       {
         principalId: avmContainerApp_Web.outputs.?systemAssignedMIPrincipalId!
         roleDefinitionIdOrName: 'App Configuration Data Reader'
+        principalType: 'ServicePrincipal'
       }
     ]
     keyValues: [
diff --git a/infra/main.json b/infra/main.json
@@ -255,7 +255,7 @@
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
               }
             ]
           },
@@ -935,7 +935,7 @@
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
               }
             ]
           },
@@ -1680,7 +1680,7 @@
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
               }
             ]
           },
@@ -2360,7 +2360,7 @@
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
               }
             ]
           },
@@ -3045,7 +3045,7 @@
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
               }
             ]
           },
@@ -11024,15 +11024,15 @@
           "outputs": {
             "resourceId": {
               "type": "string",
-              "value": "[if(variables('useExistingWorkspace'), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), reference('logAnalyticsWorkspace').outputs.resourceId.value)]"
+              "value": "[if(variables('useExistingWorkspace'), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').resourceId)]"
             },
             "logAnalyticsWorkspaceId": {
               "type": "string",
-              "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace').customerId, reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value)]"
+              "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace').customerId, listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').logAnalyticsWorkspaceId)]"
             },
             "primarySharedKey": {
               "type": "securestring",
-              "value": "[if(variables('useExistingWorkspace'), if(variables('useExistingWorkspace'), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), '2020-08-01'), listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey).primarySharedKey, listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey)]"
+              "value": "[if(variables('useExistingWorkspace'), if(variables('useExistingWorkspace'), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), '2020-08-01'), listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').primarySharedKey).primarySharedKey, listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').primarySharedKey)]"
             }
           }
         }
@@ -11055,12 +11055,12 @@
             "value": "[parameters('location')]"
           },
           "workspaceResourceId": {
-            "value": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+            "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
           },
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
               }
             ]
           },
@@ -12335,7 +12335,8 @@
             "value": [
               {
                 "principalId": "[reference('avmManagedIdentity').outputs.principalId.value]",
-                "roleDefinitionIdOrName": "Key Vault Administrator"
+                "roleDefinitionIdOrName": "Key Vault Administrator",
+                "principalType": "ServicePrincipal"
               }
             ]
           },
@@ -12368,7 +12369,7 @@
           },
           "publicNetworkAccess": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]",
           "logAnalyticsWorkspaceResourceId": {
-            "value": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+            "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
           },
           "networkAcls": {
             "value": {
@@ -19157,7 +19158,8 @@
             "value": [
               {
                 "principalId": "[reference('avmManagedIdentity').outputs.principalId.value]",
-                "roleDefinitionIdOrName": "Storage Blob Data Contributor"
+                "roleDefinitionIdOrName": "Storage Blob Data Contributor",
+                "principalType": "ServicePrincipal"
               },
               {
                 "roleDefinitionIdOrName": "Storage Blob Data Contributor",
@@ -24952,15 +24954,16 @@
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"
               }
             ]
           },
           "roleAssignments": {
             "value": [
               {
                 "principalId": "[reference('avmManagedIdentity').outputs.principalId.value]",
-                "roleDefinitionIdOrName": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
+                "roleDefinitionIdOrName": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
+                "principalType": "ServicePrincipal"
               },
               {
                 "principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]",
@@ -26259,7 +26262,7 @@
                     "_generator": {
                       "name": "bicep",
                       "version": "0.36.177.2456",
-                      "templateHash": "11270933172961789567"
+                      "templateHash": "4128376395637895528"
                     }
                   },
                   "definitions": {
@@ -28068,7 +28071,7 @@
                             "_generator": {
                               "name": "bicep",
                               "version": "0.36.177.2456",
-                              "templateHash": "9150529619101779014"
+                              "templateHash": "1200612323329026557"
                             }
                           },
                           "definitions": {
@@ -30643,9 +30646,9 @@
       "dependsOn": [
         "avmContainerApp",
         "avmManagedIdentity",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
         "avmVirtualNetwork",
         "logAnalyticsWorkspace"
@@ -33020,8 +33023,8 @@
             "value": {
               "destination": "log-analytics",
               "logAnalyticsConfiguration": {
-                "customerId": "[reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value]",
-                "sharedKey": "[listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey]"
+                "customerId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').logAnalyticsWorkspaceId]",
+                "sharedKey": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').primarySharedKey]"
               }
             }
           },
@@ -42901,7 +42904,7 @@
           "diagnosticSettings": {
             "value": [
               {
-                "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]",
+                "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]",
                 "logCategoriesAndGroups": [
                   {
                     "categoryGroup": "allLogs",
@@ -42919,15 +42922,18 @@
             "value": [
               {
                 "principalId": "[tryGet(tryGet(reference('avmContainerApp').outputs, 'systemAssignedMIPrincipalId'), 'value')]",
-                "roleDefinitionIdOrName": "App Configuration Data Reader"
+                "roleDefinitionIdOrName": "App Configuration Data Reader",
+                "principalType": "ServicePrincipal"
               },
               {
                 "principalId": "[tryGet(tryGet(reference('avmContainerApp_API').outputs, 'systemAssignedMIPrincipalId'), 'value')]",
-                "roleDefinitionIdOrName": "App Configuration Data Reader"
+                "roleDefinitionIdOrName": "App Configuration Data Reader",
+                "principalType": "ServicePrincipal"
               },
               {
                 "principalId": "[tryGet(tryGet(reference('avmContainerApp_Web').outputs, 'systemAssignedMIPrincipalId'), 'value')]",
-                "roleDefinitionIdOrName": "App Configuration Data Reader"
+                "roleDefinitionIdOrName": "App Configuration Data Reader",
+                "principalType": "ServicePrincipal"
               }
             ]
           },
@@ -42999,19 +43005,19 @@
               },
               {
                 "name": "APP_STORAGE_BLOB_URL",
-                "value": "[reference('avmStorageAccount').outputs.serviceEndpoints.value.blob]"
+                "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'st')), '2022-09-01').serviceEndpoints.blob]"
               },
               {
                 "name": "APP_STORAGE_QUEUE_URL",
-                "value": "[reference('avmStorageAccount').outputs.serviceEndpoints.value.queue]"
+                "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'st')), '2022-09-01').serviceEndpoints.queue]"
               },
               {
                 "name": "APP_AI_PROJECT_ENDPOINT",
                 "value": "[reference('avmAiServices').outputs.aiProjectInfo.value.apiEndpoint]"
               },
               {
                 "name": "APP_COSMOS_CONNSTR",
-                "value": "[listOutputsWithSecureValues('avmCosmosDB', '2022-09-01').primaryReadWriteConnectionString]"
+                "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'cosmos-')), '2022-09-01').primaryReadWriteConnectionString]"
               }
             ]
           },

Original file line number	Diff line number	Diff line change
`@@ -447,6 +447,7 @@ module avmKeyVault './modules/key-vault.bicep' = {`
`447`	`447`	`{`
`448`	`448`	`principalId: avmManagedIdentity.outputs.principalId`
`449`	`449`	`roleDefinitionIdOrName: 'Key Vault Administrator'`
	`450`	`+ principalType: 'ServicePrincipal'`
`450`	`451`	`}`
`451`	`452`	`]`
`452`	`453`	`enablePurgeProtection: false`
`@@ -503,6 +504,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {`
`503`	`504`	`{`
`504`	`505`	`principalId: avmManagedIdentity.outputs.principalId`
`505`	`506`	`roleDefinitionIdOrName: 'Storage Blob Data Contributor'`
	`507`	`+ principalType: 'ServicePrincipal'`
`506`	`508`	`}`
`507`	`509`	`{`
`508`	`510`	`roleDefinitionIdOrName: 'Storage Blob Data Contributor'`
`@@ -598,6 +600,7 @@ module avmAiServices 'modules/account/main.bicep' = {`
`598`	`600`	`{`
`599`	`601`	`principalId: avmManagedIdentity.outputs.principalId`
`600`	`602`	`roleDefinitionIdOrName: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635' // Owner role`
	`603`	`+ principalType: 'ServicePrincipal'`
`601`	`604`	`}`
`602`	`605`	`{`
`603`	`606`	`principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId!`
`@@ -1089,14 +1092,17 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6`
`1089`	`1092`	`{`
`1090`	`1093`	`principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId!`
`1091`	`1094`	`roleDefinitionIdOrName: 'App Configuration Data Reader'`
	`1095`	`+ principalType: 'ServicePrincipal'`
`1092`	`1096`	`}`
`1093`	`1097`	`{`
`1094`	`1098`	`principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId!`
`1095`	`1099`	`roleDefinitionIdOrName: 'App Configuration Data Reader'`
	`1100`	`+ principalType: 'ServicePrincipal'`
`1096`	`1101`	`}`
`1097`	`1102`	`{`
`1098`	`1103`	`principalId: avmContainerApp_Web.outputs.?systemAssignedMIPrincipalId!`
`1099`	`1104`	`roleDefinitionIdOrName: 'App Configuration Data Reader'`
	`1105`	`+ principalType: 'ServicePrincipal'`
`1100`	`1106`	`}`
`1101`	`1107`	`]`
`1102`	`1108`	`keyValues: [`
Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,7 @@`
`255`	`255`	`"diagnosticSettings": {`
`256`	`256`	`"value": [`
`257`	`257`	`{`
`258`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`258`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`259`	`259`	`}`
`260`	`260`	`]`
`261`	`261`	`},`
`@@ -935,7 +935,7 @@`
`935`	`935`	`"diagnosticSettings": {`
`936`	`936`	`"value": [`
`937`	`937`	`{`
`938`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`938`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`939`	`939`	`}`
`940`	`940`	`]`
`941`	`941`	`},`
`@@ -1680,7 +1680,7 @@`
`1680`	`1680`	`"diagnosticSettings": {`
`1681`	`1681`	`"value": [`
`1682`	`1682`	`{`
`1683`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`1683`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`1684`	`1684`	`}`
`1685`	`1685`	`]`
`1686`	`1686`	`},`
`@@ -2360,7 +2360,7 @@`
`2360`	`2360`	`"diagnosticSettings": {`
`2361`	`2361`	`"value": [`
`2362`	`2362`	`{`
`2363`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`2363`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`2364`	`2364`	`}`
`2365`	`2365`	`]`
`2366`	`2366`	`},`
`@@ -3045,7 +3045,7 @@`
`3045`	`3045`	`"diagnosticSettings": {`
`3046`	`3046`	`"value": [`
`3047`	`3047`	`{`
`3048`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`3048`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`3049`	`3049`	`}`
`3050`	`3050`	`]`
`3051`	`3051`	`},`
`@@ -11024,15 +11024,15 @@`
`11024`	`11024`	`"outputs": {`
`11025`	`11025`	`"resourceId": {`
`11026`	`11026`	`"type": "string",`
`11027`		`- "value": "[if(variables('useExistingWorkspace'), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), reference('logAnalyticsWorkspace').outputs.resourceId.value)]"`
	`11027`	`+ "value": "[if(variables('useExistingWorkspace'), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').resourceId)]"`
`11028`	`11028`	`},`
`11029`	`11029`	`"logAnalyticsWorkspaceId": {`
`11030`	`11030`	`"type": "string",`
`11031`		`- "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace').customerId, reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value)]"`
	`11031`	`+ "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace').customerId, listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').logAnalyticsWorkspaceId)]"`
`11032`	`11032`	`},`
`11033`	`11033`	`"primarySharedKey": {`
`11034`	`11034`	`"type": "securestring",`
`11035`		- "value": "[if(variables('useExistingWorkspace'), if(variables('useExistingWorkspace'), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), '2020-08-01'), listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey).primarySharedKey, listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey)]"
	`11035`	+ "value": "[if(variables('useExistingWorkspace'), if(variables('useExistingWorkspace'), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), '2020-08-01'), listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').primarySharedKey).primarySharedKey, listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').primarySharedKey)]"
`11036`	`11036`	`}`
`11037`	`11037`	`}`
`11038`	`11038`	`}`
`@@ -11055,12 +11055,12 @@`
`11055`	`11055`	`"value": "[parameters('location')]"`
`11056`	`11056`	`},`
`11057`	`11057`	`"workspaceResourceId": {`
`11058`		`- "value": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`11058`	`+ "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`11059`	`11059`	`},`
`11060`	`11060`	`"diagnosticSettings": {`
`11061`	`11061`	`"value": [`
`11062`	`11062`	`{`
`11063`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`11063`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`11064`	`11064`	`}`
`11065`	`11065`	`]`
`11066`	`11066`	`},`
`@@ -12335,7 +12335,8 @@`
`12335`	`12335`	`"value": [`
`12336`	`12336`	`{`
`12337`	`12337`	`"principalId": "[reference('avmManagedIdentity').outputs.principalId.value]",`
`12338`		`- "roleDefinitionIdOrName": "Key Vault Administrator"`
	`12338`	`+ "roleDefinitionIdOrName": "Key Vault Administrator",`
	`12339`	`+ "principalType": "ServicePrincipal"`
`12339`	`12340`	`}`
`12340`	`12341`	`]`
`12341`	`12342`	`},`
`@@ -12368,7 +12369,7 @@`
`12368`	`12369`	`},`
`12369`	`12370`	`"publicNetworkAccess": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]",`
`12370`	`12371`	`"logAnalyticsWorkspaceResourceId": {`
`12371`		`- "value": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`12372`	`+ "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`12372`	`12373`	`},`
`12373`	`12374`	`"networkAcls": {`
`12374`	`12375`	`"value": {`
`@@ -19157,7 +19158,8 @@`
`19157`	`19158`	`"value": [`
`19158`	`19159`	`{`
`19159`	`19160`	`"principalId": "[reference('avmManagedIdentity').outputs.principalId.value]",`
`19160`		`- "roleDefinitionIdOrName": "Storage Blob Data Contributor"`
	`19161`	`+ "roleDefinitionIdOrName": "Storage Blob Data Contributor",`
	`19162`	`+ "principalType": "ServicePrincipal"`
`19161`	`19163`	`},`
`19162`	`19164`	`{`
`19163`	`19165`	`"roleDefinitionIdOrName": "Storage Blob Data Contributor",`
`@@ -24952,15 +24954,16 @@`
`24952`	`24954`	`"diagnosticSettings": {`
`24953`	`24955`	`"value": [`
`24954`	`24956`	`{`
`24955`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"`
	`24957`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]"`
`24956`	`24958`	`}`
`24957`	`24959`	`]`
`24958`	`24960`	`},`
`24959`	`24961`	`"roleAssignments": {`
`24960`	`24962`	`"value": [`
`24961`	`24963`	`{`
`24962`	`24964`	`"principalId": "[reference('avmManagedIdentity').outputs.principalId.value]",`
`24963`		`- "roleDefinitionIdOrName": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"`
	`24965`	`+ "roleDefinitionIdOrName": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",`
	`24966`	`+ "principalType": "ServicePrincipal"`
`24964`	`24967`	`},`
`24965`	`24968`	`{`
`24966`	`24969`	`"principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]",`
`@@ -26259,7 +26262,7 @@`
`26259`	`26262`	`"_generator": {`
`26260`	`26263`	`"name": "bicep",`
`26261`	`26264`	`"version": "0.36.177.2456",`
`26262`		`- "templateHash": "11270933172961789567"`
	`26265`	`+ "templateHash": "4128376395637895528"`
`26263`	`26266`	`}`
`26264`	`26267`	`},`
`26265`	`26268`	`"definitions": {`
`@@ -28068,7 +28071,7 @@`
`28068`	`28071`	`"_generator": {`
`28069`	`28072`	`"name": "bicep",`
`28070`	`28073`	`"version": "0.36.177.2456",`
`28071`		`- "templateHash": "9150529619101779014"`
	`28074`	`+ "templateHash": "1200612323329026557"`
`28072`	`28075`	`}`
`28073`	`28076`	`},`
`28074`	`28077`	`"definitions": {`
`@@ -30643,9 +30646,9 @@`
`30643`	`30646`	`"dependsOn": [`
`30644`	`30647`	`"avmContainerApp",`
`30645`	`30648`	`"avmManagedIdentity",`
	`30649`	`+ "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]",`
`30646`	`30650`	`"[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",`
`30647`	`30651`	`"[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",`
`30648`		`- "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]",`
`30649`	`30652`	`"[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",`
`30650`	`30653`	`"avmVirtualNetwork",`
`30651`	`30654`	`"logAnalyticsWorkspace"`
`@@ -33020,8 +33023,8 @@`
`33020`	`33023`	`"value": {`
`33021`	`33024`	`"destination": "log-analytics",`
`33022`	`33025`	`"logAnalyticsConfiguration": {`
`33023`		`- "customerId": "[reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value]",`
`33024`		`- "sharedKey": "[listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey]"`
	`33026`	`+ "customerId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').logAnalyticsWorkspaceId]",`
	`33027`	`+ "sharedKey": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').primarySharedKey]"`
`33025`	`33028`	`}`
`33026`	`33029`	`}`
`33027`	`33030`	`},`
`@@ -42901,7 +42904,7 @@`
`42901`	`42904`	`"diagnosticSettings": {`
`42902`	`42905`	`"value": [`
`42903`	`42906`	`{`
`42904`		`- "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]",`
	`42907`	`+ "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]",`
`42905`	`42908`	`"logCategoriesAndGroups": [`
`42906`	`42909`	`{`
`42907`	`42910`	`"categoryGroup": "allLogs",`
`@@ -42919,15 +42922,18 @@`
`42919`	`42922`	`"value": [`
`42920`	`42923`	`{`
`42921`	`42924`	`"principalId": "[tryGet(tryGet(reference('avmContainerApp').outputs, 'systemAssignedMIPrincipalId'), 'value')]",`
`42922`		`- "roleDefinitionIdOrName": "App Configuration Data Reader"`
	`42925`	`+ "roleDefinitionIdOrName": "App Configuration Data Reader",`
	`42926`	`+ "principalType": "ServicePrincipal"`
`42923`	`42927`	`},`
`42924`	`42928`	`{`
`42925`	`42929`	`"principalId": "[tryGet(tryGet(reference('avmContainerApp_API').outputs, 'systemAssignedMIPrincipalId'), 'value')]",`
`42926`		`- "roleDefinitionIdOrName": "App Configuration Data Reader"`
	`42930`	`+ "roleDefinitionIdOrName": "App Configuration Data Reader",`
	`42931`	`+ "principalType": "ServicePrincipal"`
`42927`	`42932`	`},`
`42928`	`42933`	`{`
`42929`	`42934`	`"principalId": "[tryGet(tryGet(reference('avmContainerApp_Web').outputs, 'systemAssignedMIPrincipalId'), 'value')]",`
`42930`		`- "roleDefinitionIdOrName": "App Configuration Data Reader"`
	`42935`	`+ "roleDefinitionIdOrName": "App Configuration Data Reader",`
	`42936`	`+ "principalType": "ServicePrincipal"`
`42931`	`42937`	`}`
`42932`	`42938`	`]`
`42933`	`42939`	`},`
`@@ -42999,19 +43005,19 @@`
`42999`	`43005`	`},`
`43000`	`43006`	`{`
`43001`	`43007`	`"name": "APP_STORAGE_BLOB_URL",`
`43002`		`- "value": "[reference('avmStorageAccount').outputs.serviceEndpoints.value.blob]"`
	`43008`	`+ "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'st')), '2022-09-01').serviceEndpoints.blob]"`
`43003`	`43009`	`},`
`43004`	`43010`	`{`
`43005`	`43011`	`"name": "APP_STORAGE_QUEUE_URL",`
`43006`		`- "value": "[reference('avmStorageAccount').outputs.serviceEndpoints.value.queue]"`
	`43012`	`+ "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'st')), '2022-09-01').serviceEndpoints.queue]"`
`43007`	`43013`	`},`
`43008`	`43014`	`{`
`43009`	`43015`	`"name": "APP_AI_PROJECT_ENDPOINT",`
`43010`	`43016`	`"value": "[reference('avmAiServices').outputs.aiProjectInfo.value.apiEndpoint]"`
`43011`	`43017`	`},`
`43012`	`43018`	`{`
`43013`	`43019`	`"name": "APP_COSMOS_CONNSTR",`
`43014`		`- "value": "[listOutputsWithSecureValues('avmCosmosDB', '2022-09-01').primaryReadWriteConnectionString]"`
	`43020`	`+ "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'cosmos-')), '2022-09-01').primaryReadWriteConnectionString]"`
`43015`	`43021`	`}`
`43016`	`43022`	`]`
`43017`	`43023`	`},`