Merge pull request #562 from microsoft/psl-resolve-sfi-w18

fix: Fix to resolve SFI-W18 policy issue

Author: Prajwal-Microsoft

infra/main.bicep

@@ -914,8 +914,8 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = {
     name: 'cae-${solutionSuffix}'
     location: location
     tags: {
-      app: solutionSuffix
-      location: location
+      ...resourceGroup().tags
+      ...tags
     }
     managedIdentities: { systemAssigned: true }
     appLogsConfiguration: enableMonitoring

infra/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.41.2.15936",
-      "templateHash": "5358772599129171911"
+      "version": "0.39.26.7824",
+      "templateHash": "18378296288333564754"
     },
     "name": "Content Processing Solution Accelerator",
     "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance."
@@ -348,8 +348,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.41.2.15936",
-              "templateHash": "4055670269816744382"
+              "version": "0.39.26.7824",
+              "templateHash": "2779842231546071291"
             }
           },
           "definitions": {
@@ -19225,8 +19225,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.41.2.15936",
-              "templateHash": "6350282028214740152"
+              "version": "0.39.26.7824",
+              "templateHash": "9967760373683235080"
             }
           },
           "parameters": {
@@ -23231,8 +23231,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.41.2.15936",
-              "templateHash": "13929816981891754138"
+              "version": "0.39.26.7824",
+              "templateHash": "11438993289824448790"
             }
           },
           "parameters": {
@@ -23823,8 +23823,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.41.2.15936",
-              "templateHash": "17694195801715707119"
+              "version": "0.39.26.7824",
+              "templateHash": "18073394536155497558"
             },
             "name": "Container Registry Module"
           },
@@ -35187,8 +35187,8 @@
         "avmContainerApp_API",
         "avmContainerApp_Workflow",
         "avmManagedIdentity",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]",
         "virtualNetwork"
       ]
     },
@@ -35308,8 +35308,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.41.2.15936",
-              "templateHash": "11676375352983709807"
+              "version": "0.39.26.7824",
+              "templateHash": "11365341673325597162"
             },
             "name": "Cognitive Services",
             "description": "This module deploys a Cognitive Service."
@@ -36558,8 +36558,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.41.2.15936",
-                      "templateHash": "8716336912243881623"
+                      "version": "0.39.26.7824",
+                      "templateHash": "15006072223125242147"
                     }
                   },
                   "definitions": {
@@ -37522,7 +37522,7 @@
                       "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
                       "type": "Microsoft.Authorization/locks",
                       "apiVersion": "2020-05-01",
-                      "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]",
+                      "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
                       "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
                       "properties": {
                         "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
@@ -37536,7 +37536,7 @@
                       },
                       "type": "Microsoft.Insights/diagnosticSettings",
                       "apiVersion": "2021-05-01-preview",
-                      "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]",
+                      "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
                       "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
                       "properties": {
                         "copy": [
@@ -37574,7 +37574,7 @@
                       },
                       "type": "Microsoft.Authorization/roleAssignments",
                       "apiVersion": "2022-04-01",
-                      "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]",
+                      "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
                       "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]",
                       "properties": {
                         "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]",
@@ -38367,8 +38367,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.41.2.15936",
-                              "templateHash": "10989408486030617267"
+                              "version": "0.39.26.7824",
+                              "templateHash": "12797226417049698978"
                             }
                           },
                           "definitions": {
@@ -38521,8 +38521,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.41.2.15936",
-                              "templateHash": "7933643033523871028"
+                              "version": "0.39.26.7824",
+                              "templateHash": "422299638943108486"
                             }
                           },
                           "definitions": {
@@ -38739,8 +38739,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.41.2.15936",
-                      "templateHash": "8716336912243881623"
+                      "version": "0.39.26.7824",
+                      "templateHash": "15006072223125242147"
                     }
                   },
                   "definitions": {
@@ -39703,7 +39703,7 @@
                       "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
                       "type": "Microsoft.Authorization/locks",
                       "apiVersion": "2020-05-01",
-                      "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]",
+                      "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
                       "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
                       "properties": {
                         "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
@@ -39717,7 +39717,7 @@
                       },
                       "type": "Microsoft.Insights/diagnosticSettings",
                       "apiVersion": "2021-05-01-preview",
-                      "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]",
+                      "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
                       "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
                       "properties": {
                         "copy": [
@@ -39755,7 +39755,7 @@
                       },
                       "type": "Microsoft.Authorization/roleAssignments",
                       "apiVersion": "2022-04-01",
-                      "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]",
+                      "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
                       "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]",
                       "properties": {
                         "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]",
@@ -40548,8 +40548,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.41.2.15936",
-                              "templateHash": "10989408486030617267"
+                              "version": "0.39.26.7824",
+                              "templateHash": "12797226417049698978"
                             }
                           },
                           "definitions": {
@@ -40702,8 +40702,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.41.2.15936",
-                              "templateHash": "7933643033523871028"
+                              "version": "0.39.26.7824",
+                              "templateHash": "422299638943108486"
                             }
                           },
                           "definitions": {
@@ -41721,10 +41721,10 @@
       },
       "dependsOn": [
         "avmAiServices",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]",
         "virtualNetwork"
       ]
     },
@@ -45022,9 +45022,9 @@
       },
       "dependsOn": [
         "avmAiServices_cu",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
         "virtualNetwork"
       ]
     },
@@ -45045,10 +45045,7 @@
             "value": "[parameters('location')]"
           },
           "tags": {
-            "value": {
-              "app": "[variables('solutionSuffix')]",
-              "location": "[parameters('location')]"
-            }
+            "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags')))]"
           },
           "managedIdentities": {
             "value": {
@@ -68558,6 +68555,13 @@
       },
       "value": "[reference('avmContainerRegistry').outputs.loginServer.value]"
     },
+    "CONTENT_UNDERSTANDING_ACCOUNT_NAME": {
+      "type": "string",
+      "metadata": {
+        "description": "The name of the Content Understanding AI Services account."
+      },
+      "value": "[reference('avmAiServices_cu').outputs.name.value]"
+    },
     "AZURE_RESOURCE_GROUP": {
       "type": "string",
       "metadata": {

infra/main_custom.bicep

@@ -917,8 +917,8 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = {
     name: 'cae-${solutionSuffix}'
     location: location
     tags: {
-      app: solutionSuffix
-      location: location
+      ...resourceGroup().tags
+      ...tags
     }
     managedIdentities: { systemAssigned: true }
     appLogsConfiguration: enableMonitoring