Adding support for billing policy (#214)

* fix: update README to include Azure CLI installation instructions and correct typos

* feat: enable use_cli for Power Platform provider as default login type

* fix: update default value of RunSolutionChecker parameter to false

* feat: add Power Platform billing policy configuration and related variables

* fix: align formatting of power_platform_billing_policy variable definition

* fix: update dependency groups in dependabot configuration

* fix: update README and Terraform files for billing policy and storage container access

* fix: align formatting of billing policy name variable

* Update azd-hooks/scripts/hooks/postprovision/deploy_power_platform_solution.ps1

Co-authored-by: Matt Dotson <[email protected]>

* feat: consolidate billing policy resources into power_platform_core.tf

* fix: update environment variable checks in preprovision script for RS_CONTAINER_NAME

* fix: remove unnecessary newlines in provider.tf

* fix: format code for consistency in power_platform_core.tf

---------

Co-authored-by: Matt Dotson <[email protected]>

Author: mawasile

.github/dependabot.yml

@@ -7,7 +7,7 @@ updates:
     commit-message:
       prefix: "chore(deps):"
     groups:
-      all-dependencies:
+      devcontainer:
         patterns:
           - "*"
   - package-ecosystem: "terraform"
@@ -19,7 +19,7 @@ updates:
     commit-message:
       prefix: "chore(deps):"
     groups:
-      all-dependencies:
+      terraform-providers:
         patterns:
           - "*"
   - package-ecosystem: "github-actions"
@@ -29,6 +29,6 @@ updates:
     commit-message:
       prefix: "chore(deps):"
     groups:
-      all-dependencies:
+      github-actions:
         patterns:
           - "*"

README.md

@@ -75,9 +75,17 @@ This architecture ensures that sensitive enterprise data never traverses public
   - [**Copilot in Power Apps**](https://learn.microsoft.com/en-us/power-apps/maker/canvas-apps/ai-overview?WT.mc_id=ppac_inproduct_settings): Enable this setting to allow AI-powered assistance within Power Apps development
   - [**Publish Copilots with AI features**](https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance): Allow Copilot authors to publish from Copilot Studio when AI features are enabled  
 - **Power Platform licenses**. The designated user must have the following Power Platform licenses assigned:
-  - Microsoft Power Apps
-  - Power Automate  
-  - Copilot Studio
+    - **Microsoft Power Apps**
+    - **Power Automate**
+    - **Copilot Studio**
+
+    To simplify license management, you can use an Azure subscription with a Billing Policy instead of assigning licenses directly. Configure this by using the following flag:
+
+    ```shell
+    azd env set USE_BILLING_POLICY "true"
+    ```
+
+    **Note:** After creating the Billing Policy, navigate to the [Power Platform Admin Center](https://aka.ms/ppac) and ensure that the *Copilot Studio* product is selected. This is a known issue that will be addressed in future updates.
 
 ### User Configuration
 
@@ -125,6 +133,7 @@ A related option is VS Code Dev Containers, which will open the project in your
 
 1. Install the required tools:
 
+    - [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest&pivots=winget) - Required for managing Azure resources and authentication
     - [Azure Developer CLI](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/install-azd) - Platform-specific installers available via package managers or direct download
     - [PowerShell 7](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell?view=powershell-7.5) - Required for non-Windows systems; Windows users may use built-in PowerShell
     - [.NET 8.0 SDK](https://dotnet.microsoft.com/en-us/download/dotnet/8.0) - Includes .NET CLI, runtime, and development tools
@@ -149,7 +158,7 @@ A related option is VS Code Dev Containers, which will open the project in your
 
 The steps below will provision Azure and Power Platform resources and will deploy Copilot Studio bot.
 
-1. Login to you Azure and config azd to use Az CLI authentication:
+1. Login to your Azure account and config azd to use Az CLI authentication:
 
     ```shell
     az login --service-principal --username <SP_CLIENT_ID> --password <SP_SECRET> --tenant <TENANT_ID>
@@ -160,7 +169,6 @@ The steps below will provision Azure and Power Platform resources and will deplo
 
     ```shell
     pac auth create --name az-cli-auth --applicationId <SP_CLIENT_ID> --clientSecret <SP_SECRET> --tenant <TENANT_ID> --accept-cleartext-caching
-    export POWER_PLATFORM_USE_CLI="true"
     ```
 
     *Note: the `pac auth create` command may return a warning about being unable to connect to a Dataverse organization. This is expected, and will not impact the deployment.*

azd-hooks/scripts/hooks/postprovision/deploy_power_platform_solution.ps1

@@ -26,7 +26,7 @@
     ID of the Power Platform environment to deploy to
 
 .PARAMETER RunSolutionChecker
-    Whether to run solution checker after deployment (default: true)
+    Whether to run solution checker after deployment (default: false)
 
 .PARAMETER AISearchConnectionId
     Direct connection ID for the Azure AI Search connector (highest priority)

azd-hooks/scripts/hooks/preprovision/run_preconfig.ps1

@@ -1,3 +1,13 @@
+<#
+.SYNOPSIS
+Checks the existence of the RS_CONTAINER_NAME environment variable.
+
+.DESCRIPTION
+This script checks if the RS_CONTAINER_NAME environment variable is set. 
+The presence or absence of this variable is used to determine whether 
+local storage should be used or not.
+
+#>
 $script:infraDir = "infra"
 $script:providerConfPath = Join-Path $script:infraDir "provider.conf.json"
 $script:providerTfPath = Join-Path $script:infraDir "provider.tf"
@@ -130,31 +140,30 @@ terraform {
     }
 }
 
-Write-Host "Checking if USE_LOCAL_STATE environment variable exists..."
 
-# Check if USE_LOCAL_STATE azd environment variable exists
+Write-Host "Checking if RS_CONTAINER_NAME environment variable exists..."
+# Check if RS_CONTAINER_NAME azd environment variable exists
 try {
 
-    $useLocalState = azd env get-value USE_LOCAL_STATE 2>$null
-    if ($LASTEXITCODE -eq 0 -and $useLocalState) {
-        Write-Host "✓ USE_LOCAL_STATE environment variable exists with value: $useLocalState"
+    $rsContainerName = azd env get-value RS_CONTAINER_NAME 2>$null
+    if ($LASTEXITCODE -eq 0 -and $rsContainerName) {
+        Write-Host "✓ RS_CONTAINER_NAME environment variable exists with value: $rsContainerName"
 
-        # Check if the value is set to true (case insensitive)
-        if ($useLocalState.ToLower() -eq "true") {
-            Write-Host "✓ Local state is enabled"
-            Initialize-LocalStorage
-        } else {
-            Write-Host "ℹ Local state is disabled (value: $useLocalState)"
+        # Check if the value is not empty or null
+        if (-not [string]::IsNullOrWhiteSpace($rsContainerName)) {
+            Write-Host "✓ RS_CONTAINER_NAME is set to a valid value"
             Initialize-RemoteStorage
+        } else {
+            Write-Host "ℹ RS_CONTAINER_NAME is empty or null"
+            Initialize-LocalStorage
         }
     } else {
-        Write-Host "✗ USE_LOCAL_STATE environment variable does not exist or is empty"
-        azd env set USE_LOCAL_STATE false
-        Initialize-RemoteStorage
-     
+        Write-Host "✗ RS_CONTAINER_NAME environment variable does not exist or is empty"
+        azd env set RS_CONTAINER_NAME ""
+        Initialize-LocalStorage
     }
 } catch {
-    Write-Host "✗ Error checking USE_LOCAL_STATE environment variable: $($_.Exception.Message)"
+    Write-Host "✗ Error checking RS_CONTAINER_NAME environment variable: $($_.Exception.Message)"
     Write-Host "ℹ Make sure you're in an azd environment directory"
     exit 1
 }

infra/main.tf

@@ -43,6 +43,14 @@ module "copilot_studio" {
   #  and the module will attempt to manage the existing environment instead.
   power_platform_environment         = var.power_platform_environment
   power_platform_managed_environment = var.power_platform_managed_environment
+
+  # Power Platform billing policy configuration
+  # Controls whether the module should create a new billing policy or use an existing one
+  power_platform_billing_policy = {
+    name          = var.power_platform_billing_policy.name
+    should_create = var.use_billing_policy
+  }
+  subscription_id = data.azurerm_client_config.current.subscription_id
 }
 
 # Example tenant settings to support generative answers in Copilot.

infra/main.tfvars.json

@@ -1,5 +1,6 @@
 {
     "location": "${AZURE_LOCATION}",
+    "use_billing_policy": "${USE_BILLING_POLICY:-false}",
     "azd_environment_name": "${AZURE_ENV_NAME}",
     "resource_share_user": ${RESOURCE_SHARE_USER},
     "deploy_github_runner": "${DEPLOY_GITHUB_RUNNER:-false}",

infra/modules/copilot_studio/power_platform_core.tf

@@ -6,11 +6,25 @@ locals {
   power_platform_environment_location = coalesce(var.power_platform_environment.location, powerplatform_environment.this[0].location)
 }
 
+resource "powerplatform_billing_policy" "this" {
+  count = var.power_platform_billing_policy.should_create && var.power_platform_environment.id == "" ? 1 : 0
+
+  name     = "${var.power_platform_billing_policy.name}${var.unique_id}"
+  location = var.power_platform_environment.location
+  status   = "Enabled"
+  billing_instrument = {
+    resource_group  = var.resource_group_name
+    subscription_id = var.subscription_id
+  }
+}
+
 resource "powerplatform_environment" "this" {
-  count            = var.power_platform_environment.id == "" ? 1 : 0
-  location         = var.power_platform_environment.location
-  display_name     = "${var.power_platform_environment.name} - ${var.unique_id}"
-  environment_type = var.power_platform_environment.environment_type
+  count = var.power_platform_environment.id == "" ? 1 : 0
+
+  billing_policy_id = var.power_platform_billing_policy.should_create ? powerplatform_billing_policy.this[0].id : null
+  location          = var.power_platform_environment.location
+  display_name      = "${var.power_platform_environment.name} - ${var.unique_id}"
+  environment_type  = var.power_platform_environment.environment_type
   dataverse = {
     language_code     = var.power_platform_environment.language_code
     currency_code     = var.power_platform_environment.currency_code

infra/modules/copilot_studio/variables.tf

@@ -9,6 +9,21 @@ variable "failover_vnet_name" {
 }
 
 
+variable "power_platform_billing_policy" {
+  type = object({
+    should_create = optional(bool, false)
+    name          = string
+  })
+  description = <<DESCRIPTION
+  - `name`: The name of the Power Platform billing policy.
+  - `should_create`: If set to false, the billing policy will not be created. Defaults to false.
+DESCRIPTION
+}
+
+variable "subscription_id" {
+  description = "The Azure subscription ID to use for billing."
+  type        = string
+}
 
 variable "power_platform_environment" {
   type = object({

infra/provider.tf

@@ -72,7 +72,7 @@ provider "azapi" {
 data "azurerm_client_config" "current" {}
 
 # Configure Power Platform provider
-provider "powerplatform" {}
-
-
-
+provider "powerplatform" {
+  # PowerPlatform provider will use the same credentials as Azure provider by default
+  use_cli = true
+}

infra/variables.tf

@@ -224,6 +224,26 @@ variable "location" {
   nullable    = false
 }
 
+variable "use_billing_policy" {
+  type        = bool
+  default     = false
+  description = "If true, the billing policy will be created. If false, the billing policy will not be created."
+}
+
+variable "power_platform_billing_policy" {
+  type = object({
+    should_create = optional(bool, false)
+    name          = string
+  })
+  default = {
+    name = "copilotStudioBillingPolicy"
+  }
+  description = <<DESCRIPTION
+  - `name`: The name of the Power Platform billing policy.
+  - `should_create`: If set to false, the billing policy will not be created. Defaults to false.
+DESCRIPTION
+}
+
 variable "power_platform_environment" {
   type = object({
     name              = string