fix: Deployment script removed for storage account key issue (#6440)

## Description

<!--
>Thank you for your contribution !
> Please include a summary of the change and which issue is fixed.
> Please also include the context.
> List any dependencies that are required for this change.

Fixes #123
Closes #123
-->

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |

[![avm.ptn.sa.conversation-knowledge-mining](https://github.com/Ravikirana-Microsoft/bicep-registry-modules/actions/workflows/avm.ptn.sa.conversation-knowledge-mining.yml/badge.svg?branch=ckm_latest_test)](https://github.com/Ravikirana-Microsoft/bicep-registry-modules/actions/workflows/avm.ptn.sa.conversation-knowledge-mining.yml)

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation
- [ ] Update to CI Environment or utilities (Non-module affecting
changes)

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings
- [x] I have updated the module's CHANGELOG.md file with an entry for
the next version

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

Author: Prajwal-Microsoft

avm/ptn/sa/conversation-knowledge-mining/CHANGELOG.md

@@ -7,6 +7,7 @@ The latest version of the changelog can be found [here](https://github.com/Azure
 ### Changes
 
 - Updated all the moudules including waf & non-waf with readme.
+- Removed usage of dpeloyment script bicep module.
 
 ### Breaking Changes
 

avm/ptn/sa/conversation-knowledge-mining/README.md

@@ -135,8 +135,8 @@ param managedIdentities managedIdentityAllType?
 @description('Optional. Array of deployments about cognitive service accounts to create.')
 param deployments deploymentType[]?
 
-@description('Optional. Key vault reference and secret settings for the module\'s secrets export.')
-param secretsExportConfiguration secretsExportConfigurationType?
+@description('Optional. The resource ID of an existing Foundry project to use.')
+param existingFoundryProjectResourceId string = ''
 
 var formattedUserAssignedIdentities = reduce(
   map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }),
@@ -172,7 +172,9 @@ resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentiti
   )
 }
 
-resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-06-01' = {
+var useExistingService = !empty(existingFoundryProjectResourceId)
+
+resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-06-01' = if(!useExistingService) {
   name: name
   kind: kind
   identity: identity
@@ -232,58 +234,78 @@ resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-06-01' =
   }
 }
 
-module cognitive_service_dependencies './dependencies.bicep' = {
+var existingCognitiveServiceDetails = split(existingFoundryProjectResourceId, '/')
+
+resource cognitiveServiceExisting 'Microsoft.CognitiveServices/accounts@2025-09-01' existing = if(useExistingService) {
+  name: existingCognitiveServiceDetails[8]
+  scope: resourceGroup(existingCognitiveServiceDetails[2], existingCognitiveServiceDetails[4])
+}
+
+module cognitive_service_dependencies './dependencies.bicep' = if(!useExistingService) {
+  params: {
+    projectName: projectName
+    projectDescription: projectDescription
+    name:  cognitiveServiceNew.name
+    location: location
+    deployments: deployments
+    diagnosticSettings: diagnosticSettings
+    lock: lock
+    privateEndpoints: privateEndpoints
+    roleAssignments: roleAssignments
+    sku: sku
+    tags: tags
+  }
+}
+
+module existing_cognitive_service_dependencies './dependencies.bicep' = if(useExistingService) {
   params: {
+    name:  cognitiveServiceExisting.name
     projectName: projectName
     projectDescription: projectDescription
-    name: cognitiveServiceNew.name
+    existingFoundryProjectResourceId: existingFoundryProjectResourceId
     location: location
     deployments: deployments
     diagnosticSettings: diagnosticSettings
     lock: lock
     privateEndpoints: privateEndpoints
     roleAssignments: roleAssignments
-    secretsExportConfiguration: secretsExportConfiguration
     sku: sku
     tags: tags
   }
+  scope: resourceGroup(existingCognitiveServiceDetails[2], existingCognitiveServiceDetails[4])
 }
 
-// ========== Outputs ========== //
+var cognitiveService = useExistingService ? cognitiveServiceExisting : cognitiveServiceNew
 
 @description('The name of the cognitive services account.')
-output name string = cognitiveServiceNew.name
+output name string = useExistingService ? cognitiveServiceExisting.name : cognitiveServiceNew.name
 
 @description('The resource ID of the cognitive services account.')
-output resourceId string = cognitiveServiceNew.id
+output resourceId string = useExistingService ? cognitiveServiceExisting.id : cognitiveServiceNew.id
 
 @description('The resource group the cognitive services account was deployed into.')
-output subscriptionId string = subscription().subscriptionId
+output subscriptionId string =  useExistingService ? existingCognitiveServiceDetails[2] : subscription().subscriptionId
 
 @description('The resource group the cognitive services account was deployed into.')
-output resourceGroupName string = resourceGroup().name
+output resourceGroupName string =  useExistingService ? existingCognitiveServiceDetails[4] : resourceGroup().name
 
 @description('The service endpoint of the cognitive services account.')
-output endpoint string = cognitiveServiceNew.properties.endpoint
+output endpoint string = useExistingService ? cognitiveServiceExisting!.properties.endpoint : cognitiveService.properties.endpoint
 
 @description('All endpoints available for the cognitive services account, types depends on the cognitive service kind.')
-output endpoints endpointType = cognitiveServiceNew.properties.endpoints
+output endpoints endpointType = useExistingService ? cognitiveServiceExisting!.properties.endpoints : cognitiveService.properties.endpoints
 
 @description('The principal ID of the system assigned identity.')
-output systemAssignedMIPrincipalId string? = cognitiveServiceNew.?identity.?principalId
+output systemAssignedMIPrincipalId string? = useExistingService ? cognitiveServiceExisting!.identity.principalId : cognitiveService.?identity.?principalId
 
 @description('The location the resource was deployed into.')
-output location string = cognitiveServiceNew.location
+output location string = useExistingService ? cognitiveServiceExisting!.location : cognitiveService.location
 
-import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
-@description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.')
-output exportedSecrets secretsOutputType = cognitive_service_dependencies!.outputs.exportedSecrets
-
-@description('The private endpoints of the cognitive services account.')
-output privateEndpoints privateEndpointOutputType[] = cognitive_service_dependencies!.outputs.privateEndpoints
+@description('The private endpoints of the congitive services account.')
+output privateEndpoints privateEndpointOutputType[] = useExistingService ? existing_cognitive_service_dependencies!.outputs.privateEndpoints : cognitive_service_dependencies!.outputs.privateEndpoints
 
 import { aiProjectOutputType } from './project.bicep'
-output aiProjectInfo aiProjectOutputType = cognitive_service_dependencies!.outputs.aiProjectInfo
+output aiProjectInfo aiProjectOutputType = useExistingService ? existing_cognitive_service_dependencies!.outputs.aiProjectInfo : cognitive_service_dependencies!.outputs.aiProjectInfo
 
 // ================ //
 // Definitions      //
@@ -365,16 +387,3 @@ type endpointType = {
   @description('The endpoint URI.')
   endpoint: string?
 }
-
-@export()
-@description('The type of the secrets exported to the provided Key Vault.')
-type secretsExportConfigurationType = {
-  @description('Required. The key vault name where to store the keys and connection strings generated by the modules.')
-  keyVaultResourceId: string
-
-  @description('Optional. The name for the accessKey1 secret to create.')
-  accessKey1Name: string?
-
-  @description('Optional. The name for the accessKey2 secret to create.')
-  accessKey2Name: string?
-}

avm/ptn/sa/conversation-knowledge-mining/main.bicep

@@ -32,9 +32,6 @@ param tags object?
 @description('Optional. Array of deployments about cognitive service accounts to create.')
 param deployments deploymentType[]?
 
-@description('Optional. Key vault reference and secret settings for the module\'s secrets export.')
-param secretsExportConfiguration secretsExportConfigurationType?
-
 import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
 @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints privateEndpointSingleServiceType[]?
@@ -57,6 +54,9 @@ param projectName string
 @description('Optional. Description  for the project which needs to be created.')
 param projectDescription string
 
+@description('Optional. Provide the existing project resource id in case if it needs to be reused')
+param existingFoundryProjectResourceId string = ''
+
 var builtInRoleNames = {
   'Cognitive Services Contributor': subscriptionResourceId(
     'Microsoft.Authorization/roleDefinitions',
@@ -322,53 +322,21 @@ resource cognitiveService_roleAssignments 'Microsoft.Authorization/roleAssignmen
   }
 ]
 
-module secretsExport './keyVaultExport.bicep' = if (secretsExportConfiguration != null) {
-  name: '${uniqueString(deployment().name, location)}-secrets-kv'
-  scope: resourceGroup(
-    split(secretsExportConfiguration.?keyVaultResourceId!, '/')[2],
-    split(secretsExportConfiguration.?keyVaultResourceId!, '/')[4]
-  )
-  params: {
-    keyVaultName: last(split(secretsExportConfiguration.?keyVaultResourceId!, '/'))
-    secretsToSet: union(
-      [],
-      contains(secretsExportConfiguration!, 'accessKey1Name')
-        ? [
-            {
-              name: secretsExportConfiguration!.?accessKey1Name
-              value: cognitiveService.listKeys().key1
-            }
-          ]
-        : [],
-      contains(secretsExportConfiguration!, 'accessKey2Name')
-        ? [
-            {
-              name: secretsExportConfiguration!.?accessKey2Name
-              value: cognitiveService.listKeys().key2
-            }
-          ]
-        : []
-    )
-  }
-}
-
-module aiProject 'project.bicep' = if (!empty(projectName)) {
+module aiProject 'project.bicep' = if(!empty(projectName) || !empty(existingFoundryProjectResourceId)) {
   name: take('${name}-ai-project-${projectName}-deployment', 64)
   params: {
     name: projectName
     desc: projectDescription
     aiServicesName: cognitiveService.name
     location: location
     tags: tags
+    existingFoundryProjectResourceId: existingFoundryProjectResourceId
   }
+  dependsOn: [
+    cognitiveService_deployments
+  ]
 }
 
-import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
-@description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.')
-output exportedSecrets secretsOutputType = (secretsExportConfiguration != null)
-  ? toObject(secretsExport!.outputs.secretsSet, secret => last(split(secret.secretResourceId, '/')), secret => secret)
-  : {}
-
 @description('The private endpoints of the congitive services account.')
 output privateEndpoints privateEndpointOutputType[] = [
   for (pe, index) in (privateEndpoints ?? []): {
@@ -464,15 +432,3 @@ type endpointType = {
   endpoint: string?
 }
 
-@export()
-@description('The type of the secrets exported to the provided Key Vault.')
-type secretsExportConfigurationType = {
-  @description('Required. The key vault name where to store the keys and connection strings generated by the modules.')
-  keyVaultResourceId: string
-
-  @description('Optional. The name for the accessKey1 secret to create.')
-  accessKey1Name: string?
-
-  @description('Optional. The name for the accessKey2 secret to create.')
-  accessKey2Name: string?
-}

avm/ptn/sa/conversation-knowledge-mining/main.json

@@ -13,13 +13,24 @@ param aiServicesName string
 @description('Optional. Tags to be applied to the resources.')
 param tags object = {}
 
+@description('Optional. Use this parameter to use an existing AI project resource ID from different resource group')
+param existingFoundryProjectResourceId string = ''
+
+// // Extract components from existing AI Project Resource ID if provided
+var useExistingProject = !empty(existingFoundryProjectResourceId)
+var existingProjName = useExistingProject ? last(split(existingFoundryProjectResourceId, '/')) : ''
+var existingAiFoundryAiServicesSubscriptionId = useExistingProject ? split(existingFoundryProjectResourceId, '/')[2] : ''
+var existingAiFoundryAiServicesResourceGroupName = useExistingProject ? split(existingFoundryProjectResourceId, '/')[4] : ''
+var existingAiFoundryAiServicesServiceName = useExistingProject ? split(existingFoundryProjectResourceId, '/')[8] : ''
+// Example endpoint (only if existing project provided)
+var existingProjEndpoint = useExistingProject ? format('https://{0}.services.ai.azure.com/api/projects/{1}', existingAiFoundryAiServicesServiceName, existingProjName) : ''
 // Reference to cognitive service in current resource group for new projects
 resource cogServiceReference 'Microsoft.CognitiveServices/accounts@2025-06-01' existing = {
   name: aiServicesName
 }
 
 // Create new AI project only if not reusing existing one
-resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-06-01' = {
+resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-06-01' = if(!useExistingProject) {
   parent: cogServiceReference
   name: name
   tags: tags
@@ -33,12 +44,18 @@ resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-06-01' =
   }
 }
 
+// Reference the existing AI Foundry project if reusing
+resource existingAiProject 'Microsoft.CognitiveServices/accounts/projects@2025-06-01' existing = if (useExistingProject){
+  name: '${existingAiFoundryAiServicesServiceName}/${existingProjName}'
+  scope: resourceGroup(existingAiFoundryAiServicesSubscriptionId, existingAiFoundryAiServicesResourceGroupName)
+}
+
 @description('AI Project metadata including name, resource ID, and API endpoint.')
 output aiProjectInfo aiProjectOutputType = {
-  name: aiProject.name
-  resourceId: aiProject.id
-  apiEndpoint: aiProject!.properties.endpoints['AI Foundry API']
-  aiprojectSystemAssignedMIPrincipalId: aiProject!.identity.principalId
+  name: useExistingProject ? existingProjName : aiProject.name
+  resourceId: useExistingProject ? existingFoundryProjectResourceId : aiProject.id
+  apiEndpoint: useExistingProject ? existingProjEndpoint : aiProject!.properties.endpoints['AI Foundry API']
+  aiprojectSystemAssignedMIPrincipalId : useExistingProject ? existingAiProject!.identity.principalId : aiProject!.identity.principalId
 }
 
 @export()

avm/ptn/sa/conversation-knowledge-mining/modules/ai-services.bicep

@@ -42,7 +42,9 @@ module testDeployment '../../../main.bicep' = [
     name: '${uniqueString(deployment().name, enforcedLocation)}-test-${serviceShort}-${iteration}'
     params: {
       solutionName: take('${namePrefix}${serviceShort}001', 16)
+      location: enforcedLocation
       aiServiceLocation: enforcedLocation
+      usecase: 'telecom'
     }
   }
 ]

avm/ptn/sa/conversation-knowledge-mining/modules/dependencies.bicep

@@ -46,14 +46,17 @@ module testDeployment '../../../main.bicep' = [
     name: '${uniqueString(deployment().name, enforcedLocation)}-test-${serviceShort}-${iteration}'
     params: {
       solutionName: take('${namePrefix}${serviceShort}001', 16)
+      location: enforcedLocation
       aiServiceLocation: enforcedLocation
+      secondaryLocation: enforcedLocation
       enableScalability: true
       enableTelemetry: true
       enableMonitoring: true
       enablePrivateNetworking: true
       enableRedundancy: true
       vmAdminUsername: 'adminuser'
       vmAdminPassword: vmAdminPassword
+      usecase: 'telecom'
     }
   }
 ]