From 6f17fd1bcfba012ef123b9af1b283daacdf7945c Mon Sep 17 00:00:00 2001 From: "Niraj Chaudhari (Persistent Systems Inc)" Date: Thu, 23 Apr 2026 15:17:00 +0530 Subject: [PATCH 1/2] Fix to resolve SFI-W18 policy issue --- infra/main.bicep | 8 ++++- infra/main.json | 80 +++++++++++++++++++++-------------------- infra/main_custom.bicep | 7 +++- 3 files changed, 55 insertions(+), 40 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index c29e258f..f0acbd02 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -914,8 +914,14 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { name: 'cae-${solutionSuffix}' location: location tags: { + ...resourceGroup().tags + ...tags + TemplateName: 'Content Processing' + Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' + CreatedBy: createdBy + DeploymentName: deployment().name app: solutionSuffix - location: location + } managedIdentities: { systemAssigned: true } appLogsConfiguration: enableMonitoring diff --git a/infra/main.json b/infra/main.json index 4280795f..a6111732 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "5358772599129171911" + "version": "0.39.26.7824", + "templateHash": "306303044487815506" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -348,8 +348,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "4055670269816744382" + "version": "0.39.26.7824", + "templateHash": "2779842231546071291" } }, "definitions": { @@ -19225,8 +19225,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "6350282028214740152" + "version": "0.39.26.7824", + "templateHash": "9967760373683235080" } }, "parameters": { @@ -23231,8 +23231,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "13929816981891754138" + "version": "0.39.26.7824", + "templateHash": "11438993289824448790" } }, "parameters": { @@ -23823,8 +23823,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "17694195801715707119" + "version": "0.39.26.7824", + "templateHash": "18073394536155497558" }, "name": "Container Registry Module" }, @@ -35187,8 +35187,8 @@ "avmContainerApp_API", "avmContainerApp_Workflow", "avmManagedIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]", "virtualNetwork" ] }, @@ -35308,8 +35308,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "11676375352983709807" + "version": "0.39.26.7824", + "templateHash": "11365341673325597162" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service." @@ -36558,8 +36558,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "8716336912243881623" + "version": "0.39.26.7824", + "templateHash": "15006072223125242147" } }, "definitions": { @@ -37522,7 +37522,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -37536,7 +37536,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -37574,7 +37574,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -38367,8 +38367,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "10989408486030617267" + "version": "0.39.26.7824", + "templateHash": "12797226417049698978" } }, "definitions": { @@ -38521,8 +38521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "7933643033523871028" + "version": "0.39.26.7824", + "templateHash": "422299638943108486" } }, "definitions": { @@ -38739,8 +38739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "8716336912243881623" + "version": "0.39.26.7824", + "templateHash": "15006072223125242147" } }, "definitions": { @@ -39703,7 +39703,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -39717,7 +39717,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -39755,7 +39755,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -40548,8 +40548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "10989408486030617267" + "version": "0.39.26.7824", + "templateHash": "12797226417049698978" } }, "definitions": { @@ -40702,8 +40702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "7933643033523871028" + "version": "0.39.26.7824", + "templateHash": "422299638943108486" } }, "definitions": { @@ -41721,10 +41721,10 @@ }, "dependsOn": [ "avmAiServices", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "virtualNetwork" ] }, @@ -45022,9 +45022,9 @@ }, "dependsOn": [ "avmAiServices_cu", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "virtualNetwork" ] }, @@ -45045,10 +45045,7 @@ "value": "[parameters('location')]" }, "tags": { - "value": { - "app": "[variables('solutionSuffix')]", - "location": "[parameters('location')]" - } + "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags'), createObject('TemplateName', 'Content Processing', 'Type', if(parameters('enablePrivateNetworking'), 'WAF', 'Non-WAF'), 'CreatedBy', parameters('createdBy'), 'DeploymentName', deployment().name, 'app', variables('solutionSuffix'))))]" }, "managedIdentities": { "value": { @@ -68558,6 +68555,13 @@ }, "value": "[reference('avmContainerRegistry').outputs.loginServer.value]" }, + "CONTENT_UNDERSTANDING_ACCOUNT_NAME": { + "type": "string", + "metadata": { + "description": "The name of the Content Understanding AI Services account." + }, + "value": "[reference('avmAiServices_cu').outputs.name.value]" + }, "AZURE_RESOURCE_GROUP": { "type": "string", "metadata": { diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index 3294106b..adb83ba3 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -917,8 +917,13 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { name: 'cae-${solutionSuffix}' location: location tags: { + ...resourceGroup().tags + ...tags + TemplateName: 'Content Processing' + Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' + CreatedBy: createdBy + DeploymentName: deployment().name app: solutionSuffix - location: location } managedIdentities: { systemAssigned: true } appLogsConfiguration: enableMonitoring From 12392c3b121c70005e89e525b686973161d559e6 Mon Sep 17 00:00:00 2001 From: "Niraj Chaudhari (Persistent Systems Inc)" Date: Thu, 23 Apr 2026 15:26:51 +0530 Subject: [PATCH 2/2] remove unnecessary extra tags --- infra/main.bicep | 6 ------ infra/main.json | 4 ++-- infra/main_custom.bicep | 5 ----- 3 files changed, 2 insertions(+), 13 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index f0acbd02..216088d7 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -916,12 +916,6 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { tags: { ...resourceGroup().tags ...tags - TemplateName: 'Content Processing' - Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' - CreatedBy: createdBy - DeploymentName: deployment().name - app: solutionSuffix - } managedIdentities: { systemAssigned: true } appLogsConfiguration: enableMonitoring diff --git a/infra/main.json b/infra/main.json index a6111732..17d42621 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.39.26.7824", - "templateHash": "306303044487815506" + "templateHash": "18378296288333564754" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -45045,7 +45045,7 @@ "value": "[parameters('location')]" }, "tags": { - "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags'), createObject('TemplateName', 'Content Processing', 'Type', if(parameters('enablePrivateNetworking'), 'WAF', 'Non-WAF'), 'CreatedBy', parameters('createdBy'), 'DeploymentName', deployment().name, 'app', variables('solutionSuffix'))))]" + "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags')))]" }, "managedIdentities": { "value": { diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index adb83ba3..5a6cb98d 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -919,11 +919,6 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { tags: { ...resourceGroup().tags ...tags - TemplateName: 'Content Processing' - Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' - CreatedBy: createdBy - DeploymentName: deployment().name - app: solutionSuffix } managedIdentities: { systemAssigned: true } appLogsConfiguration: enableMonitoring