From 4da5f79353e517b2ebb4d59bf046920d9ebe23ed Mon Sep 17 00:00:00 2001
From: "Niraj Chaudhari (Persistent Systems Inc)"
Date: Wed, 1 Oct 2025 09:04:01 +0530
Subject: [PATCH 1/4] post deployment script changes
---
 docs/AVMPostDeploymentGuide.md | 30 +++++++
 infra/main.bicep | 4 +
 infra/scripts/process_sample_data.sh | 128 ++++++++++++++++++---------
 3 files changed, 118 insertions(+), 44 deletions(-)
 create mode 100644 docs/AVMPostDeploymentGuide.md
diff --git a/docs/AVMPostDeploymentGuide.md b/docs/AVMPostDeploymentGuide.md
new file mode 100644
index 00000000..0ba7a63b
--- /dev/null
+++ b/docs/AVMPostDeploymentGuide.md
@@ -0,0 +1,30 @@
+# AVM Post Deployment Guide
+This document provides guidance on post-deployment steps after deploying the Build Your Own Copilot Accelerator from the [AVM (Azure Verified Modules) repository](https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/sa/build-your-own-copilot).
+
+## Post Deployment Steps
+1. Clone the Repository
+ First, clone this repository to access the post-deployment scripts:
+ ```bash
+ git clone https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator.git
+ ```
+ ```bash
+ cd Build-your-own-copilot-Solution-Accelerator
+ ```
+
+2. Import Sample Data -Run bash command printed in the terminal. The bash command will look like the following:
+
+ ```bash
+ ./infra/scripts/process_sample_data.sh
+ ```
+ If the deployment does not exist or has been deleted – The script will prompt you to manually enter the required values
+
+3. Add Authentication Provider
+
+ Follow steps in [App Authentication](https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator/blob/main/docs/AppAuthentication.md) to configure authentication in app service.
+ >Note that Authentication changes can take up to 10 minutes.
+
+4. Deleting Resources After a Failed Deployment
+
+ Follow steps in [Delete Resource Group](https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator/blob/main/docs/DeleteResourceGroup.md) if your deployment fails and/or you need to clean up the resources.
+
+By following these steps, you’ll ensure a smooth transition from deployment to hands-on usage.
\ No newline at end of file
diff --git a/infra/main.bicep b/infra/main.bicep
index 1fb0f6a5..7634defe 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -287,6 +287,7 @@ resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = {
 TemplateName: 'Client Advisor'
 Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF'
 CreatedBy: createdBy
+ DeploymentName: deployment().name
 }
 }
 }
@@ -1367,3 +1368,6 @@ output USE_AI_PROJECT_CLIENT string = useAIProjectClientFlag @description('Indicates whether the internal stream should be used.') output USE_INTERNAL_STREAM string = useInternalStream + +@description('The subscription ID where the resources are deployed.') +output AZURE_SUBSCRIPTION_ID string = subscription().subscriptionId diff --git a/infra/scripts/process_sample_data.sh b/infra/scripts/process_sample_data.sh index c0b9f8a3..224290b1 100644 --- a/infra/scripts/process_sample_data.sh +++ b/infra/scripts/process_sample_data.sh @@ -2,16 +2,6 @@ # Variables resourceGroupName="$1" - cosmosDbAccountName="$2" - storageAccount="$3" - fileSystem="$4" - keyvaultName="$5" - sqlServerName="$6" - SqlDatabaseName="$7" - webAppManagedIdentityClientId="$8" - webAppManagedIdentityDisplayName="$9" - aiSearchName="${10}" - aif_resource_id="${11}" # Global variables to track original network access states original_storage_public_access="" @@ -20,6 +10,7 @@ aif_resource_group="" aif_account_resource_id="" # Add global variable for SQL Server public access + original_sql_public_access="" created_sql_allow_all_firewall_rule="false" original_full_range_rule_present="false" 
@@ -286,53 +277,102 @@ # Set up trap to ensure cleanup happens on exit trap cleanup_on_exit EXIT INT TERM - # get parameters from azd env, if not provided - if [ -z "$resourceGroupName" ]; then - resourceGroupName=$(azd env get-value RESOURCE_GROUP_NAME) + if az account show &> /dev/null; then + echo "Already authenticated with Azure." + else + echo "Authenticating with Azure CLI..." + az login + echo "Authenticated with Azure CLI." fi + # fetch all variables from deployment outputs - if [ -z "$cosmosDbAccountName" ]; then - cosmosDbAccountName=$(azd env get-value COSMOSDB_ACCOUNT_NAME) - fi + deploymentName=$(az group show --name "$resourceGroupName" --query "tags.DeploymentName" -o tsv) + echo "Deployment Name (from tag): $deploymentName" - if [ -z "$storageAccount" ]; then - storageAccount=$(azd env get-value STORAGE_ACCOUNT_NAME) - fi +if az deployment group show --resource-group "$resourceGroupName" --name "$deploymentName" &>/dev/null; then + cosmosDbAccountName=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.cosmosdB_ACCOUNT_NAME.value" -o tsv) + echo "Cosmos DB Account Name (from outputs): $cosmosDbAccountName" - if [ -z "$fileSystem" ]; then - fileSystem=$(azd env get-value STORAGE_CONTAINER_NAME) - fi + storageAccount=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.storagE_ACCOUNT_NAME.value" -o tsv) + echo "Storage Account Name (from outputs): $storageAccount" - if [ -z "$keyvaultName" ]; then - keyvaultName=$(azd env get-value KEY_VAULT_NAME) - fi + fileSystem=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.storagE_CONTAINER_NAME.value" -o tsv) + echo "Storage Container Name (from outputs): $fileSystem" - if [ -z "$sqlServerName" ]; then - sqlServerName=$(azd env get-value SQLDB_SERVER_NAME) - fi + 
keyvaultName=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.keY_VAULT_NAME.value" -o tsv) + echo "Key Vault Name (from outputs): $keyvaultName" - if [ -z "$SqlDatabaseName" ]; then - SqlDatabaseName=$(azd env get-value SQLDB_DATABASE) - fi + sqlServerName=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.sqldB_SERVER_NAME.value" -o tsv) + echo "SQL Server Name (from outputs): $sqlServerName" - if [ -z "$webAppManagedIdentityClientId" ]; then - webAppManagedIdentityClientId=$(azd env get-value MANAGEDIDENTITY_WEBAPP_CLIENTID) - fi + SqlDatabaseName=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.sqldB_DATABASE.value" -o tsv) + echo "SQL Database Name (from outputs): $SqlDatabaseName" - if [ -z "$webAppManagedIdentityDisplayName" ]; then - webAppManagedIdentityDisplayName=$(azd env get-value MANAGEDIDENTITY_WEBAPP_NAME) - fi + webAppManagedIdentityClientId=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.managedidentitY_WEBAPP_CLIENTID.value" -o tsv) + echo "Web App Managed Identity Client ID (from outputs): $webAppManagedIdentityClientId" - if [ -z "$aiSearchName" ]; then - aiSearchName=$(azd env get-value AI_SEARCH_SERVICE_NAME) - fi + webAppManagedIdentityDisplayName=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.managedidentitY_WEBAPP_NAME.value" -o tsv) + echo "Web App Managed Identity Display Name (from outputs): $webAppManagedIdentityDisplayName" - if [ -z "$aif_resource_id" ]; then - aif_resource_id=$(azd env get-value AI_FOUNDRY_RESOURCE_ID) - fi + aiSearchName=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" 
\ + --query "properties.outputs.aI_SEARCH_SERVICE_NAME.value" -o tsv) + echo "AI Search Service Name (from outputs): $aiSearchName" - azSubscriptionId=$(azd env get-value AZURE_SUBSCRIPTION_ID) + aif_resource_id=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.aI_FOUNDRY_RESOURCE_ID.value" -o tsv) + echo "AI Foundry Resource ID (from outputs): $aif_resource_id" + + azSubscriptionId=$(az deployment group show \ + --name "$deploymentName" \ + --resource-group "$resourceGroupName" \ + --query "properties.outputs.azurE_SUBSCRIPTION_ID.value" -o tsv) + + echo "Azure Subscription ID (from outputs): $azSubscriptionId" +else + echo "Deployment does NOT exist in resource group $resourceGroupName." + echo "Please enter required values manually." + + read -rp "Enter Cosmos DB Account Name: " cosmosDbAccountName + read -rp "Enter Storage Account Name: " storageAccount + read -rp "Enter Storage Container/File System Name: " fileSystem + read -rp "Enter SQL Server Name: " sqlServerName + read -rp "Enter SQL Database Name: " SqlDatabaseName + read -rp "Enter Key Vault Name: " keyvaultName + read -rp "Enter Web App Managed Identity Display Name: " webAppManagedIdentityDisplayName + read -rp "Enter Web App Managed Identity Client ID: " webAppManagedIdentityClientId + read -rp "Enter AI Search Service Name: " aiSearchName + read -rp "Enter AI Foundry Resource ID: " aif_resource_id + read -rp "Enter Azure Subscription ID: " azSubscriptionId +fi # Check if all required arguments are provided if [ -z "$resourceGroupName" ] || [ -z "$cosmosDbAccountName" ] || [ -z "$storageAccount" ] || [ -z "$fileSystem" ] || [ -z "$keyvaultName" ] || [ -z "$sqlServerName" ] || [ -z "$SqlDatabaseName" ] || [ -z "$webAppManagedIdentityClientId" ] || [ -z "$webAppManagedIdentityDisplayName" ] || [ -z "$aiSearchName" ] || [ -z "$aif_resource_id" ]; then From 536d6c612171f7640bff186214282a2e701a097c Mon Sep 17 00:00:00 2001 
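Review bot: The deployment whose outputs drive the rest of the script is picked from the resource group's `DeploymentName` tag with no check on either `$1` or the tag value, so an empty argument, a missing tag, or a tag edited after deployment all end up either in the manual-entry branch with the misleading "Deployment does NOT exist" message or reading a deployment the operator did not intend. Since the hook text in azure.yaml says this script grants permissions between resources, I would fail early with `[ -n "$resourceGroupName" ] || { echo "usage: $0 <resource-group>" >&2; exit 1; }` before `az group show`, and stop when `deploymentName` comes back empty instead of falling through to the prompts. The `azd env get-value RESOURCE_GROUP_NAME` fallback is removed here while docs/AVMPostDeploymentGuide.md still shows the command without an argument, so that documented invocation reaches this path. `az login` is followed by "Authenticated with Azure CLI." whether or not it succeeded; `az login || exit 1` would stop there. The required-values check that follows continues outside the hunk.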
From: "Niraj Chaudhari (Persistent Systems Inc)"
Date: Thu, 9 Oct 2025 20:21:04 +0530
Subject: [PATCH 2/4] script fix
---
 azure.yaml | 4 ++--
 docs/AVMPostDeploymentGuide.md | 2 +-
 infra/main.bicep | 2 ++
 infra/scripts/process_sample_data.sh | 18 ++++++++++++++++++
 4 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/azure.yaml b/azure.yaml
index f8a7f360..c9bcc1d3 100644
--- a/azure.yaml
+++ b/azure.yaml
@@ -16,7 +16,7 @@ hooks:
 Write-Host "Web app URL: "
 Write-Host "$env:WEB_APP_URL" -ForegroundColor Cyan
 Write-Host "`nRun the following command in your Bash terminal. It will grant the necessary permissions between resources and your user account, and also process and load the sample data into the application."
- Write-Host "bash ./infra/scripts/process_sample_data.sh" -ForegroundColor Cyan
+ Write-Host "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP_NAME" -ForegroundColor Cyan
 shell: pwsh
 continueOnError: false
 interactive: true
@@ -26,7 +26,7 @@ hooks:
 echo $WEB_APP_URL
 echo ""
 echo "Run the following command in your Bash terminal. It will grant the necessary permissions between resources and your user account, and also process and load the sample data into the application."
- echo "bash ./infra/scripts/process_sample_data.sh"
+ echo "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP_NAME"
 shell: sh
 continueOnError: false
 interactive: true
diff --git a/docs/AVMPostDeploymentGuide.md b/docs/AVMPostDeploymentGuide.md
index 0ba7a63b..3fb0dc79 100644
--- a/docs/AVMPostDeploymentGuide.md
+++ b/docs/AVMPostDeploymentGuide.md
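Review bot: In the `shell: sh` hook (second hunk, `@@ -26,7 +26,7 @@`) the new line uses PowerShell syntax, `$env:AZURE_RESOURCE_GROUP_NAME`; a POSIX shell expands `$env` (normally unset) and prints the rest literally, so the user is shown `... process_sample_data.sh :AZURE_RESOURCE_GROUP_NAME` instead of the resource group. The sh hook should read the plain environment variable, `echo "bash ./infra/scripts/process_sample_data.sh $AZURE_RESOURCE_GROUP_NAME"`, using whichever name azd actually exports. The rename to `AZURE_RESOURCE_GROUP` in patch 3/4 keeps the same `$env:` form in the sh hook, so the printed command is still wrong there. Because the script now takes the resource group only from `$1`, a user who copies the printed command runs it against a literal `:AZURE_RESOURCE_GROUP...` name.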
@@ -14,7 +14,7 @@ This document provides guidance on post-deployment steps after deploying the Bui
 2. Import Sample Data -Run bash command printed in the terminal. The bash command will look like the following:
 ```bash
- ./infra/scripts/process_sample_data.sh
+ bash ./infra/scripts/process_sample_data.sh
 ```
 If the deployment does not exist or has been deleted – The script will prompt you to manually enter the required values
diff --git a/infra/main.bicep b/infra/main.bicep
index aab96329..061f55d8 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -1382,3 +1382,5 @@ output USE_AI_PROJECT_CLIENT string = useAIProjectClientFlag
 @description('Indicates whether the internal stream should be used.')
 output USE_INTERNAL_STREAM string = useInternalStream
+@description('The Azure Subscription ID where the resources are deployed.')
+output AZURE_SUBSCRIPTION_ID string = subscription().subscriptionId
diff --git a/infra/scripts/process_sample_data.sh b/infra/scripts/process_sample_data.sh
index 546da9e7..7711e4ec 100644
--- a/infra/scripts/process_sample_data.sh
+++ b/infra/scripts/process_sample_data.sh
@@ -330,6 +330,24 @@ if az deployment group show --resource-group "$resourceGroupName" --name "$deplo
 --query "properties.outputs.managedidentitY_WEBAPP_NAME.value" -o tsv)
 echo "Web App Managed Identity Display Name (from outputs): $webAppManagedIdentityDisplayName"
+ SqlDatabaseName=$(az deployment group show \
+ --name "$deploymentName" \
+ --resource-group "$resourceGroupName" \
+ --query "properties.outputs.sqldB_DATABASE.value" -o tsv)
+ echo "SQL Database Name (from outputs): $SqlDatabaseName"
+
+ sqlManagedIdentityClientId=$(az deployment group show \
+ --name "$deploymentName" \
+ --resource-group "$resourceGroupName" \
+ --query "properties.outputs.managedidentitY_SQL_CLIENTID.value" -o tsv)
+ echo "SQL Managed Identity Client ID (from outputs): $sqlManagedIdentityClientId"
+
+ sqlManagedIdentityDisplayName=$(az deployment group show \
+ --name "$deploymentName" \
+ --resource-group "$resourceGroupName" \
+ --query "properties.outputs.managedidentitY_SQL_NAME.value" -o tsv)
+ echo "SQL Managed Identity Display Name (from outputs): $sqlManagedIdentityDisplayName"
+
 aiSearchName=$(az deployment group show \
 --name "$deploymentName" \
 --resource-group "$resourceGroupName" \
From 568181aefa58956c1342442aa04fd3240eb70507 Mon Sep 17 00:00:00 2001
From: "Niraj Chaudhari (Persistent Systems Inc)"
Date: Thu, 9 Oct 2025 21:27:22 +0530
Subject: [PATCH 3/4] update azure.yml
---
 azure.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/azure.yaml b/azure.yaml
index c9bcc1d3..4c3ca3b0 100644
--- a/azure.yaml
+++ b/azure.yaml
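Review bot: The two new values, `sqlManagedIdentityClientId` and `sqlManagedIdentityDisplayName`, are read but never checked for being empty: the required-values test shown as context in patch 1 (`if [ -z "$resourceGroupName" ] || ...`) does not list them, nor `azSubscriptionId`, and no patch in this series changes it. The output keys are case-sensitive in the `--query` expression and unusually cased (`managedidentitY_SQL_CLIENTID`), so a mismatch would presumably yield an empty string with `-o tsv` rather than an error. I would add `[ -z "$sqlManagedIdentityClientId" ] || [ -z "$sqlManagedIdentityDisplayName" ]` to that test; how the two values are used later is not visible in this hunk. The `if` branch being edited starts and ends outside the hunk.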
@@ -16,7 +16,7 @@ hooks:
 Write-Host "Web app URL: "
 Write-Host "$env:WEB_APP_URL" -ForegroundColor Cyan
 Write-Host "`nRun the following command in your Bash terminal. It will grant the necessary permissions between resources and your user account, and also process and load the sample data into the application."
- Write-Host "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP_NAME" -ForegroundColor Cyan
+ Write-Host "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP" -ForegroundColor Cyan
 shell: pwsh
 continueOnError: false
 interactive: true
@@ -26,7 +26,7 @@ hooks:
 echo $WEB_APP_URL
 echo ""
 echo "Run the following command in your Bash terminal. It will grant the necessary permissions between resources and your user account, and also process and load the sample data into the application."
- echo "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP_NAME"
+ echo "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP"
 shell: sh
 continueOnError: false
 interactive: true
From 090534e1bbb589439c4580823c7c4137a36027a6 Mon Sep 17 00:00:00 2001
From: "Niraj Chaudhari (Persistent Systems Inc)"
Date: Thu, 9 Oct 2025 21:53:48 +0530
Subject: [PATCH 4/4] fix script 1
---
 infra/scripts/process_sample_data.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/infra/scripts/process_sample_data.sh b/infra/scripts/process_sample_data.sh
index 7711e4ec..4f055ea7 100644
--- a/infra/scripts/process_sample_data.sh
+++ b/infra/scripts/process_sample_data.sh
@@ -330,6 +330,12 @@ if az deployment group show --resource-group "$resourceGroupName" --name "$deplo
 --query "properties.outputs.managedidentitY_WEBAPP_NAME.value" -o tsv)
 echo "Web App Managed Identity Display Name (from outputs): $webAppManagedIdentityDisplayName"
+ webAppManagedIdentityClientId=$(az deployment group show \
+ --name "$deploymentName" \
+ --resource-group "$resourceGroupName" \
+ --query "properties.outputs.managedidentitY_WEBAPP_CLIENTID.value" -o tsv)
+ echo "Web App Managed Identity Client ID (from outputs): $webAppManagedIdentityClientId"
+
 SqlDatabaseName=$(az deployment group show \
 --name "$deploymentName" \
 --resource-group "$resourceGroupName" \
@@ -378,6 +384,8 @@ else
 read -rp "Enter Key Vault Name: " keyvaultName
 read -rp "Enter Web App Managed Identity Display Name: " webAppManagedIdentityDisplayName
 read -rp "Enter Web App Managed Identity Client ID: " webAppManagedIdentityClientId
+ read -rp "Enter SQL Managed Identity Display Name: " sqlManagedIdentityDisplayName
+ read -rp "Enter SQL Managed Identity Client ID: " sqlManagedIdentityClientId
 read -rp "Enter AI Search Service Name: " aiSearchName
 read -rp "Enter AI Foundry Resource ID: " aif_resource_id
 read -rp "Enter Azure Subscription ID: " azSubscriptionId