Disable key-based storage account access in Bicep (#1518)

* Configure Azure Developer Pipeline

* Configure Azure Developer Pipeline

* Update pricing calculator link

* Disable key access for our storage accounts

Author: pamelafox

app/backend/approaches/retrievethenread.py

@@ -1,4 +1,3 @@
-import os
 from typing import Any, AsyncGenerator, Optional, Union
 
 from azure.search.documents.aio import SearchClient
@@ -9,10 +8,6 @@
 from core.authentication import AuthenticationHelper
 from core.messagebuilder import MessageBuilder
 
-# Replace these with your own values, either in environment variables or directly here
-AZURE_STORAGE_ACCOUNT = os.getenv("AZURE_STORAGE_ACCOUNT")
-AZURE_STORAGE_CONTAINER = os.getenv("AZURE_STORAGE_CONTAINER")
-
 
 class RetrieveThenReadApproach(Approach):
     """

app/backend/approaches/retrievethenreadvision.py

@@ -1,4 +1,3 @@
-import os
 from typing import Any, AsyncGenerator, Awaitable, Callable, Optional, Union
 
 from azure.search.documents.aio import SearchClient
@@ -14,10 +13,6 @@
 from core.imageshelper import fetch_image
 from core.messagebuilder import MessageBuilder
 
-# Replace these with your own values, either in environment variables or directly here
-AZURE_STORAGE_ACCOUNT = os.getenv("AZURE_STORAGE_ACCOUNT")
-AZURE_STORAGE_CONTAINER = os.getenv("AZURE_STORAGE_CONTAINER")
-
 
 class RetrieveThenReadVisionApproach(Approach):
     """

infra/main.bicep

@@ -448,6 +448,7 @@ module storage 'core/storage/storage-account.bicep' = {
     location: storageResourceGroupLocation
     tags: tags
     allowBlobPublicAccess: false
+    allowSharedKeyAccess: false
     publicNetworkAccess: 'Enabled'
     sku: {
       name: storageSkuName
@@ -473,6 +474,7 @@ module userStorage 'core/storage/storage-account.bicep' = if (useUserUpload) {
     location: storageResourceGroupLocation
     tags: tags
     allowBlobPublicAccess: false
+    allowSharedKeyAccess: false
     publicNetworkAccess: 'Enabled'
     isHnsEnabled: true
     sku: {