diff --git a/azure.yaml b/azure.yaml
index 4c3ca3b0..f8a7f360 100644
--- a/azure.yaml
+++ b/azure.yaml
@@ -16,7 +16,7 @@ hooks:
 Write-Host "Web app URL: "
 Write-Host "$env:WEB_APP_URL" -ForegroundColor Cyan
 Write-Host "`nRun the following command in your Bash terminal. It will grant the necessary permissions between resources and your user account, and also process and load the sample data into the application."
- Write-Host "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP" -ForegroundColor Cyan
+ Write-Host "bash ./infra/scripts/process_sample_data.sh" -ForegroundColor Cyan
 shell: pwsh
 continueOnError: false
 interactive: true
@@ -26,7 +26,7 @@ hooks:
 echo $WEB_APP_URL
 echo ""
 echo "Run the following command in your Bash terminal. It will grant the necessary permissions between resources and your user account, and also process and load the sample data into the application."
- echo "bash ./infra/scripts/process_sample_data.sh $env:AZURE_RESOURCE_GROUP"
+ echo "bash ./infra/scripts/process_sample_data.sh"
 shell: sh
 continueOnError: false
 interactive: true
diff --git a/docs/AVMPostDeploymentGuide.md b/docs/AVMPostDeploymentGuide.md
index 3fb0dc79..176d335d 100644
--- a/docs/AVMPostDeploymentGuide.md
+++ b/docs/AVMPostDeploymentGuide.md
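Review bot: The command printed by both azure.yaml hooks (`Write-Host "bash ./infra/scripts/process_sample_data.sh"` and the matching `echo` in the sh hook) no longer names the resource group, so the target is resolved implicitly from whichever azd environment is selected when the user later runs it. The script changed in this same commit temporarily enables public network access on the storage account, AI Foundry account and SQL server it resolves, and may create a 0.0.0.0–255.255.255.255 SQL firewall rule, so running it against an unintended environment has a real exposure cost. Consider keeping the target visible in the hint, for example `Write-Host "Target resource group: $env:AZURE_RESOURCE_GROUP"` ahead of the command in the pwsh hook, or having the script print the resolved resource group and ask for confirmation before it touches network settings. Whether `AZURE_RESOURCE_GROUP` is also available to the sh hook is not visible in this diff and should be confirmed before relying on it there.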
@@ -1,30 +1,51 @@ # AVM Post Deployment Guide + +> **📋 Note**: This guide is specifically for post-deployment steps after using the AVM template. For complete deployment from scratch, see the main [Deployment Guide](./DeploymentGuide.md). + +--- + This document provides guidance on post-deployment steps after deploying the Build Your Own Copilot Accelerator from the [AVM (Azure Verified Modules) repository](https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/sa/build-your-own-copilot). ## Post Deployment Steps -1. Clone the Repository - First, clone this repository to access the post-deployment scripts: - ```bash - git clone https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator.git - ``` - ```bash - cd Build-your-own-copilot-Solution-Accelerator - ``` -2. Import Sample Data -Run bash command printed in the terminal. The bash command will look like the following: +### 1. Clone the Repository +First, clone this repository to access the post-deployment scripts: + +```bash +git clone https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator.git +cd Build-your-own-copilot-Solution-Accelerator +``` + +### 2. Import Sample Data + +**Choose the appropriate command based on your deployment method:** + +**If you deployed using custom templates, ARM/Bicep deployments, or `az deployment group` commands:** +```bash +bash ./infra/scripts/process_sample_data.sh +``` +> **Note**: Replace `` with the actual name of the resource group containing your deployed Azure resources. + +> **💡 Tip**: If the deployment metadata does not exist in Azure or has been deleted, the script will prompt you to manually enter the required configuration values. + +**If you deployed using `azd up` command:** +```bash +bash ./infra/scripts/process_sample_data.sh +``` +> **Note**: The script will automatically take required values from your `azd` environment. 
+ +> **💡 Tip**: Since this guide is for AVM deployments, you'll most likely use the first command with your resource group name. + +### 3. Configure Authentication - ```bash - bash ./infra/scripts/process_sample_data.sh - ``` - If the deployment does not exist or has been deleted – The script will prompt you to manually enter the required values +Follow the steps in [App Authentication](./AppAuthentication.md) to configure authentication in App Service. -3. Add Authentication Provider +> **Note**: Authentication changes can take up to 10 minutes to propagate. - Follow steps in [App Authentication](https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator/blob/main/docs/AppAuthentication.md) to configure authentication in app service. - >Note that Authentication changes can take up to 10 minutes. +### 4. Troubleshooting: Cleaning Up After a Failed Deployment -4. Deleting Resources After a Failed Deployment +If your deployment fails and you need to clean up resources, follow the steps in [Delete Resource Group](./DeleteResourceGroup.md). - Follow steps in [Delete Resource Group](https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator/blob/main/docs/DeleteResourceGroup.md) if your deployment fails and/or you need to clean up the resources. +--- -By following these steps, you’ll ensure a smooth transition from deployment to hands-on usage. \ No newline at end of file +By following these steps, you'll ensure a smooth transition from deployment to hands-on usage. \ No newline at end of file diff --git a/docs/DeploymentGuide.md b/docs/DeploymentGuide.md index 496f0052..d3498bfc 100644 --- a/docs/DeploymentGuide.md +++ b/docs/DeploymentGuide.md @@ -86,7 +86,7 @@ You can run this solution using [GitHub Codespaces](https://docs.github.com/en/c
- Deploy in VS Code + Deploy in VS Code Dev Containers ### VS Code Dev Containers @@ -136,26 +136,7 @@ Consider the following settings during your deployment to modify specific settin
Configurable Deployment Settings -When you start the deployment, most parameters will have **default values**, but you can update the below settings by following the steps [here](CustomizingAzdParameters.md): - - -| **Setting** | **Description** | **Default value** | -| ------------------------------------ | -------------------------------------------------------------------------------------------------- | ------------------------ | -| **Environment Name** | A **3-20 character alphanumeric value** used to generate a unique ID to prefix the resources. | `azdtemp` | -| **Cosmos Location** | A **less busy** region for **CosmosDB**, useful in case of availability constraints. | `eastus2` | -| **Deployment Type** | Select from a drop-down list (`Standard`, `GlobalStandard`). | `GlobalStandard` | -| **GPT Model** | Azure OpenAI GPT model to deploy. | `gpt-4o-mini` | -| **GPT Model Deployment Capacity** | Configure capacity for **GPT models**. Choose based on Azure OpenAI quota. | `30` | -| **Embedding Model** | OpenAI embedding model used for vector similarity. | `text-embedding-ada-002` | -| **Embedding Model Capacity** | Set the capacity for **embedding models**. Choose based on usage and quota. | `80` | -| **Image Tag** | The version of the Docker image to use (e.g., `latest_waf`, `dev`, `hotfix`). | `latest_waf` | -| **Azure OpenAI API Version** | Set the API version for OpenAI model deployments. | `2025-04-01-preview` | -| **AZURE_LOCATION** | Sets the Azure region for resource deployment. | `` | -| **Existing Log Analytics Workspace** | To reuse an existing Log Analytics Workspace ID instead of creating a new one. | *(empty)* | -| **Existing AI Foundry Project Resource ID** | To reuse an existing AI Foundry Project Resource ID instead of creating a new one. | *(empty)* | - - - +When you start the deployment, most parameters will have **default values**, but you can update the below settings by following the steps [here](CustomizingAzdParameters.md)
@@ -257,22 +238,35 @@ This will rebuild the source code, package it into a container, and push it to t ## Post Deployment Steps -1. **Import Sample Data** - -Run bash command printed in the terminal. The bash command will look like the following: - ```shell - bash ./infra/scripts/process_sample_data.sh - ``` - if you don't have azd env then you need to pass parameters along with the command. Then the command will look like the following: - ```shell - bash ./infra/scripts/process_sample_data.sh - ``` +### 1. Import Sample Data + +**Choose the appropriate command based on your deployment method:** + +**If you deployed using `azd up` command:** +```bash +bash ./infra/scripts/process_sample_data.sh +``` +> **Note**: The script will automatically take required values from your `azd` environment. + +**If you deployed using custom templates, ARM/Bicep deployments, or `az deployment group` commands:** +```bash +bash ./infra/scripts/process_sample_data.sh +``` +> **Note**: Replace `` with the actual name of the resource group containing your deployed Azure resources. + +> **💡 Tip**: If the deployment metadata does not exist in Azure or has been deleted, the script will prompt you to manually enter the required configuration values. + +> **💡 Tip**: Since this guide is for azd deployment, you'll most likely use the first command without resource group name. + +### 2. Configure Authentication + +Follow the steps in [App Authentication](./AppAuthentication.md) to configure authentication in App Service. -2. **Add Authentication Provider** - - Follow steps in [App Authentication](./AppAuthentication.md) to configure authentication in app service. Note that Authentication changes can take up to 10 minutes. +> **Note**: Authentication changes can take up to 10 minutes to propagate. -3. **Deleting Resources After a Failed Deployment** +### 3. 
Troubleshooting: Cleaning Up After a Failed Deployment - - Follow steps in [Delete Resource Group](DeleteResourceGroup.md) if your deployment fails and/or you need to clean up the resources. +If your deployment fails and you need to clean up resources, follow the steps in [Delete Resource Group](./DeleteResourceGroup.md). ## Environment configuration for local development & debugging > Set APP_ENV in your .env file to control Azure authentication. Set the environment variable to dev to use Azure CLI credentials, or to prod to use Managed Identity for production. **Ensure you're logged in via az login when using dev in local**. diff --git a/infra/scripts/process_sample_data.sh b/infra/scripts/process_sample_data.sh index 4f055ea7..a1cec54c 100644 --- a/infra/scripts/process_sample_data.sh +++ b/infra/scripts/process_sample_data.sh 
@@ -1,508 +1,559 @@ - #!/bin/bash - - # Variables - resourceGroupName="$1" - - # Global variables to track original network access states - original_storage_public_access="" - original_storage_default_action="" - original_foundry_public_access="" - aif_resource_group="" - aif_account_resource_id="" - # Add global variable for SQL Server public access - - original_sql_public_access="" - created_sql_allow_all_firewall_rule="false" - original_full_range_rule_present="false" - - # Function to enable public network access temporarily - enable_public_access() { - echo "=== Temporarily enabling public network access for services ===" - - # Enable public access for Storage Account - echo "Enabling public access for Storage Account: $storageAccount" - original_storage_public_access=$(az storage account show \ - --name "$storageAccount" \ - --resource-group "$resourceGroupName" \ - --query "publicNetworkAccess" \ - -o tsv) - original_storage_default_action=$(az storage account show \ +#!/bin/bash + +# Variables +resourceGroupName="$1" + +cosmosDbAccountName="" +storageAccount="" +fileSystem="" +keyvaultName="" +sqlServerName="" +SqlDatabaseName="" +sqlManagedIdentityClientId="" +sqlManagedIdentityDisplayName="" +aiSearchName="" +aif_resource_id="" +azSubscriptionId="" + +# Global variables to track original network access states +original_storage_public_access="" +original_storage_default_action="" +original_foundry_public_access="" +aif_resource_group="" +aif_account_resource_id="" +# Add global variable for SQL Server public access + +original_sql_public_access="" +created_sql_allow_all_firewall_rule="false" +original_full_range_rule_present="false" + +# Function to enable public network access temporarily +enable_public_access() { + echo "=== Temporarily enabling public network access for services ===" + + # Enable public access for Storage Account + echo "Enabling public access for Storage Account: $storageAccount" + original_storage_public_access=$(az storage account 
show \ + --name "$storageAccount" \ + --resource-group "$resourceGroupName" \ + --query "publicNetworkAccess" \ + -o tsv) + original_storage_default_action=$(az storage account show \ + --name "$storageAccount" \ + --resource-group "$resourceGroupName" \ + --query "networkRuleSet.defaultAction" \ + -o tsv) + + if [ "$original_storage_public_access" != "Enabled" ]; then + az storage account update \ --name "$storageAccount" \ --resource-group "$resourceGroupName" \ - --query "networkRuleSet.defaultAction" \ - -o tsv) - - if [ "$original_storage_public_access" != "Enabled" ]; then - az storage account update \ - --name "$storageAccount" \ - --resource-group "$resourceGroupName" \ - --public-network-access Enabled \ - --output none - if [ $? -eq 0 ]; then - echo "✓ Storage Account public access enabled" - else - echo "✗ Failed to enable Storage Account public access" - return 1 - fi + --public-network-access Enabled \ + --output none + if [ $? -eq 0 ]; then + echo "✓ Storage Account public access enabled" else - echo "✓ Storage Account public access already enabled" + echo "✗ Failed to enable Storage Account public access" + return 1 fi - - # Also ensure the default network action allows access - if [ "$original_storage_default_action" != "Allow" ]; then - echo "Setting Storage Account network default action to Allow" - az storage account update \ - --name "$storageAccount" \ - --resource-group "$resourceGroupName" \ - --default-action Allow \ - --output none - if [ $? 
-eq 0 ]; then - echo "✓ Storage Account network default action set to Allow" - else - echo "✗ Failed to set Storage Account network default action" - return 1 - fi + else + echo "✓ Storage Account public access already enabled" + fi + + # Also ensure the default network action allows access + if [ "$original_storage_default_action" != "Allow" ]; then + echo "Setting Storage Account network default action to Allow" + az storage account update \ + --name "$storageAccount" \ + --resource-group "$resourceGroupName" \ + --default-action Allow \ + --output none + if [ $? -eq 0 ]; then + echo "✓ Storage Account network default action set to Allow" else - echo "✓ Storage Account network default action already set to Allow" + echo "✗ Failed to set Storage Account network default action" + return 1 fi + else + echo "✓ Storage Account network default action already set to Allow" + fi - # Enable public access for AI Foundry - # Extract the account resource ID (remove /projects/... part if present) - aif_account_resource_id=$(echo "$aif_resource_id" | sed 's|/projects/.*||') - aif_resource_name=$(basename "$aif_account_resource_id") - # Extract resource group from the AI Foundry account resource ID - aif_resource_group=$(echo "$aif_account_resource_id" | sed -n 's|.*/resourceGroups/\([^/]*\)/.*|\1|p') - # Extract subscription ID from the AI Foundry account resource ID - aif_subscription_id=$(echo "$aif_account_resource_id" | sed -n 's|.*/subscriptions/\([^/]*\)/.*|\1|p') - - original_foundry_public_access=$(az cognitiveservices account show \ - --name "$aif_resource_name" \ - --resource-group "$aif_resource_group" \ - --subscription "$aif_subscription_id" \ - --query "properties.publicNetworkAccess" \ - --output tsv) - if [ -z "$original_foundry_public_access" ] || [ "$original_foundry_public_access" = "null" ]; then - echo "⚠ Info: Could not retrieve AI Foundry network access status." - echo " AI Foundry network access might be managed differently." 
- elif [ "$original_foundry_public_access" != "Enabled" ]; then - echo "Current AI Foundry public access: $original_foundry_public_access" - echo "Enabling public access for AI Foundry resource: $aif_resource_name (Resource Group: $aif_resource_group)" - if MSYS_NO_PATHCONV=1 az resource update \ - --ids "$aif_account_resource_id" \ - --api-version 2024-10-01 \ - --set properties.publicNetworkAccess=Enabled properties.apiProperties="{}" \ - --output none; then - echo "✓ AI Foundry public access enabled" - else - echo "⚠ Warning: Failed to enable AI Foundry public access automatically." - fi + # Enable public access for AI Foundry + # Extract the account resource ID (remove /projects/... part if present) + aif_account_resource_id=$(echo "$aif_resource_id" | sed 's|/projects/.*||') + aif_resource_name=$(basename "$aif_account_resource_id") + # Extract resource group from the AI Foundry account resource ID + aif_resource_group=$(echo "$aif_account_resource_id" | sed -n 's|.*/resourceGroups/\([^/]*\)/.*|\1|p') + # Extract subscription ID from the AI Foundry account resource ID + aif_subscription_id=$(echo "$aif_account_resource_id" | sed -n 's|.*/subscriptions/\([^/]*\)/.*|\1|p') + + original_foundry_public_access=$(az cognitiveservices account show \ + --name "$aif_resource_name" \ + --resource-group "$aif_resource_group" \ + --subscription "$aif_subscription_id" \ + --query "properties.publicNetworkAccess" \ + --output tsv) + if [ -z "$original_foundry_public_access" ] || [ "$original_foundry_public_access" = "null" ]; then + echo "⚠ Info: Could not retrieve AI Foundry network access status." + echo " AI Foundry network access might be managed differently." 
+ elif [ "$original_foundry_public_access" != "Enabled" ]; then + echo "Current AI Foundry public access: $original_foundry_public_access" + echo "Enabling public access for AI Foundry resource: $aif_resource_name (Resource Group: $aif_resource_group)" + if MSYS_NO_PATHCONV=1 az resource update \ + --ids "$aif_account_resource_id" \ + --api-version 2024-10-01 \ + --set properties.publicNetworkAccess=Enabled properties.apiProperties="{}" \ + --output none; then + echo "✓ AI Foundry public access enabled" else - echo "✓ AI Foundry public access already enabled" + echo "⚠ Warning: Failed to enable AI Foundry public access automatically." fi + else + echo "✓ AI Foundry public access already enabled" + fi - # Enable public access for SQL Server - echo "Enabling public access for SQL Server: $sqlServerName" - original_sql_public_access=$(az sql server show \ + # Enable public access for SQL Server + echo "Enabling public access for SQL Server: $sqlServerName" + original_sql_public_access=$(az sql server show \ + --name "$sqlServerName" \ + --resource-group "$resourceGroupName" \ + --query "publicNetworkAccess" \ + -o tsv) + if [ "$original_sql_public_access" != "Enabled" ]; then + az sql server update \ --name "$sqlServerName" \ --resource-group "$resourceGroupName" \ - --query "publicNetworkAccess" \ - -o tsv) - if [ "$original_sql_public_access" != "Enabled" ]; then - az sql server update \ - --name "$sqlServerName" \ - --resource-group "$resourceGroupName" \ - --enable-public-network true \ - --output none - if [ $? -eq 0 ]; then - echo "✓ SQL Server public access enabled" - else - echo "✗ Failed to enable SQL Server public access" - return 1 - fi + --enable-public-network true \ + --output none + if [ $? 
-eq 0 ]; then + echo "✓ SQL Server public access enabled" else - echo "✓ SQL Server public access already enabled" + echo "✗ Failed to enable SQL Server public access" + return 1 fi + else + echo "✓ SQL Server public access already enabled" + fi - # Add (or verify) a firewall rule allowing all IPs (TEMPORARY) - echo "Ensuring temporary wide-open firewall rule exists for data load" - sql_allow_all_rule_name="temp-allow-all-ip" - - # Detect if a full-range rule (any name) already existed before we potentially create one - pre_existing_full_range_rule=$(az sql server firewall-rule list \ - --server "$sqlServerName" \ - --resource-group "$resourceGroupName" \ - --query "[?startIpAddress=='0.0.0.0' && endIpAddress=='255.255.255.255'] | [0].name" \ - -o tsv 2>/dev/null) - if [ -n "$pre_existing_full_range_rule" ]; then - original_full_range_rule_present="true" - fi - - existing_allow_all_rule=$(az sql server firewall-rule list \ - --server "$sqlServerName" \ - --resource-group "$resourceGroupName" \ - --query "[?name=='${sql_allow_all_rule_name}'] | [0].name" \ - -o tsv 2>/dev/null) - - if [ -z "$existing_allow_all_rule" ]; then - if [ -n "$pre_existing_full_range_rule" ]; then - echo "✓ Existing rule ($pre_existing_full_range_rule) already allows full IP range." - else - echo "Creating temporary allow-all firewall rule ($sql_allow_all_rule_name)..." 
- if az sql server firewall-rule create \ - --resource-group "$resourceGroupName" \ - --server "$sqlServerName" \ - --name "$sql_allow_all_rule_name" \ - --start-ip-address 0.0.0.0 \ - --end-ip-address 255.255.255.255 \ - --output none; then - created_sql_allow_all_firewall_rule="true" - echo "✓ Temporary allow-all firewall rule created" - else - echo "⚠ Warning: Failed to create allow-all firewall rule" - fi - fi - else - echo "✓ Temporary allow-all firewall rule already present" - # Since it was present beforehand, mark that a full-range rule existed originally - original_full_range_rule_present="true" - fi - - # Wait a bit for changes to take effect - echo "Waiting for network access changes to propagate..." - sleep 10 - echo "=== Public network access enabled successfully ===" - return 0 - } - - # Function to restore original network access settings - restore_network_access() { - echo "=== Restoring original network access settings ===" - - # Restore Storage Account access - if [ -n "$original_storage_public_access" ] && [ "$original_storage_public_access" != "Enabled" ]; then - echo "Restoring Storage Account public access to: $original_storage_public_access" - # Handle case sensitivity - convert to proper case - case "$original_storage_public_access" in - "enabled"|"Enabled") restore_value="Enabled" ;; - "disabled"|"Disabled") restore_value="Disabled" ;; - *) restore_value="$original_storage_public_access" ;; - esac - az storage account update \ - --name "$storageAccount" \ - --resource-group "$resourceGroupName" \ - --public-network-access "$restore_value" \ - --output none - if [ $? 
-eq 0 ]; then - echo "✓ Storage Account access restored" - else - echo "✗ Failed to restore Storage Account access" - fi + # Add (or verify) a firewall rule allowing all IPs (TEMPORARY) + echo "Ensuring temporary wide-open firewall rule exists for data load" + sql_allow_all_rule_name="temp-allow-all-ip" + + # Detect if a full-range rule (any name) already existed before we potentially create one + pre_existing_full_range_rule=$(az sql server firewall-rule list \ + --server "$sqlServerName" \ + --resource-group "$resourceGroupName" \ + --query "[?startIpAddress=='0.0.0.0' && endIpAddress=='255.255.255.255'] | [0].name" \ + -o tsv 2>/dev/null) + if [ -n "$pre_existing_full_range_rule" ]; then + original_full_range_rule_present="true" + fi + + existing_allow_all_rule=$(az sql server firewall-rule list \ + --server "$sqlServerName" \ + --resource-group "$resourceGroupName" \ + --query "[?name=='${sql_allow_all_rule_name}'] | [0].name" \ + -o tsv 2>/dev/null) + + if [ -z "$existing_allow_all_rule" ]; then + if [ -n "$pre_existing_full_range_rule" ]; then + echo "✓ Existing rule ($pre_existing_full_range_rule) already allows full IP range." + else + echo "Creating temporary allow-all firewall rule ($sql_allow_all_rule_name)..." + if az sql server firewall-rule create \ + --resource-group "$resourceGroupName" \ + --server "$sqlServerName" \ + --name "$sql_allow_all_rule_name" \ + --start-ip-address 0.0.0.0 \ + --end-ip-address 255.255.255.255 \ + --output none; then + created_sql_allow_all_firewall_rule="true" + echo "✓ Temporary allow-all firewall rule created" + else + echo "⚠ Warning: Failed to create allow-all firewall rule" + fi + fi + else + echo "✓ Temporary allow-all firewall rule already present" + # Since it was present beforehand, mark that a full-range rule existed originally + original_full_range_rule_present="true" + fi + + # Wait a bit for changes to take effect + echo "Waiting for network access changes to propagate..." 
+ sleep 10 + echo "=== Public network access enabled successfully ===" + return 0 +} + +# Function to restore original network access settings +restore_network_access() { + echo "=== Restoring original network access settings ===" + + # Restore Storage Account access + if [ -n "$original_storage_public_access" ] && [ "$original_storage_public_access" != "Enabled" ]; then + echo "Restoring Storage Account public access to: $original_storage_public_access" + # Handle case sensitivity - convert to proper case + case "$original_storage_public_access" in + "enabled"|"Enabled") restore_value="Enabled" ;; + "disabled"|"Disabled") restore_value="Disabled" ;; + *) restore_value="$original_storage_public_access" ;; + esac + az storage account update \ + --name "$storageAccount" \ + --resource-group "$resourceGroupName" \ + --public-network-access "$restore_value" \ + --output none + if [ $? -eq 0 ]; then + echo "✓ Storage Account access restored" else - echo "Storage Account access unchanged (already at desired state)" + echo "✗ Failed to restore Storage Account access" fi - - # Restore Storage Account network default action - if [ -n "$original_storage_default_action" ] && [ "$original_storage_default_action" != "Allow" ]; then - echo "Restoring Storage Account network default action to: $original_storage_default_action" - az storage account update \ - --name "$storageAccount" \ - --resource-group "$resourceGroupName" \ - --default-action "$original_storage_default_action" \ - --output none - if [ $? 
-eq 0 ]; then - echo "✓ Storage Account network default action restored" - else - echo "✗ Failed to restore Storage Account network default action" - fi + else + echo "Storage Account access unchanged (already at desired state)" + fi + + # Restore Storage Account network default action + if [ -n "$original_storage_default_action" ] && [ "$original_storage_default_action" != "Allow" ]; then + echo "Restoring Storage Account network default action to: $original_storage_default_action" + az storage account update \ + --name "$storageAccount" \ + --resource-group "$resourceGroupName" \ + --default-action "$original_storage_default_action" \ + --output none + if [ $? -eq 0 ]; then + echo "✓ Storage Account network default action restored" else - echo "Storage Account network default action unchanged (already at desired state)" + echo "✗ Failed to restore Storage Account network default action" fi - - # Restore AI Foundry access - if [ -n "$original_foundry_public_access" ] && [ "$original_foundry_public_access" != "Enabled" ]; then - echo "Restoring AI Foundry public access to: $original_foundry_public_access" - # Try using the working approach to restore the original setting - if MSYS_NO_PATHCONV=1 az resource update \ - --ids "$aif_account_resource_id" \ - --api-version 2024-10-01 \ - --set properties.publicNetworkAccess="$original_foundry_public_access" \ - --set properties.apiProperties.qnaAzureSearchEndpointKey="" \ - --set properties.networkAcls.bypass="AzureServices" \ - --output none 2>/dev/null; then - echo "✓ AI Foundry access restored" - else - echo "⚠ Warning: Failed to restore AI Foundry access automatically." - echo " Please manually restore network access in the Azure portal if needed." 
- fi + else + echo "Storage Account network default action unchanged (already at desired state)" + fi + + # Restore AI Foundry access + if [ -n "$original_foundry_public_access" ] && [ "$original_foundry_public_access" != "Enabled" ]; then + echo "Restoring AI Foundry public access to: $original_foundry_public_access" + # Try using the working approach to restore the original setting + if MSYS_NO_PATHCONV=1 az resource update \ + --ids "$aif_account_resource_id" \ + --api-version 2024-10-01 \ + --set properties.publicNetworkAccess="$original_foundry_public_access" \ + --set properties.apiProperties.qnaAzureSearchEndpointKey="" \ + --set properties.networkAcls.bypass="AzureServices" \ + --output none 2>/dev/null; then + echo "✓ AI Foundry access restored" else - echo "AI Foundry access unchanged (already at desired state)" + echo "⚠ Warning: Failed to restore AI Foundry access automatically." + echo " Please manually restore network access in the Azure portal if needed." fi + else + echo "AI Foundry access unchanged (already at desired state)" + fi - # Restore SQL Server public access - if [ -n "$original_sql_public_access" ] && [ "$original_sql_public_access" != "Enabled" ]; then - echo "Restoring SQL Server public access to: $original_sql_public_access" - # Handle case sensitivity - case "$original_sql_public_access" in - "enabled"|"Enabled") restore_value=true ;; - "disabled"|"Disabled") restore_value=false ;; - *) restore_value="$original_sql_public_access" ;; - esac - az sql server update \ - --name "$sqlServerName" \ - --resource-group "$resourceGroupName" \ - --enable-public-network $restore_value \ - --output none - if [ $? 
-eq 0 ]; then - echo "✓ SQL Server access restored" - else - echo "✗ Failed to restore SQL Server access" - fi + # Restore SQL Server public access + if [ -n "$original_sql_public_access" ] && [ "$original_sql_public_access" != "Enabled" ]; then + echo "Restoring SQL Server public access to: $original_sql_public_access" + # Handle case sensitivity + case "$original_sql_public_access" in + "enabled"|"Enabled") restore_value=true ;; + "disabled"|"Disabled") restore_value=false ;; + *) restore_value="$original_sql_public_access" ;; + esac + az sql server update \ + --name "$sqlServerName" \ + --resource-group "$resourceGroupName" \ + --enable-public-network $restore_value \ + --output none + if [ $? -eq 0 ]; then + echo "✓ SQL Server access restored" else - echo "SQL Server access unchanged (already at desired state)" + echo "✗ Failed to restore SQL Server access" fi - - } + else + echo "SQL Server access unchanged (already at desired state)" + fi echo "=== Network access restoration completed ===" - - # Function to handle script cleanup on exit - cleanup_on_exit() { - exit_code=$? - echo "" - if [ $exit_code -ne 0 ]; then - echo "Script failed with exit code: $exit_code" - fi - echo "Performing cleanup..." - restore_network_access - exit $exit_code - } +} + +# Function to handle script cleanup on exit +cleanup_on_exit() { + exit_code=$? + echo "" + if [ $exit_code -ne 0 ]; then + echo "Script failed with exit code: $exit_code" + fi + echo "Performing cleanup..." + restore_network_access + exit $exit_code +} - # Set up trap to ensure cleanup happens on exit - trap cleanup_on_exit EXIT INT TERM +# Set up trap to ensure cleanup happens on exit +trap cleanup_on_exit EXIT INT TERM - if az account show &> /dev/null; then - echo "Already authenticated with Azure." +# check if azd cli is installed +check_azd_installed() { + if command -v azd &> /dev/null; then + return 0 + else + return 1 + fi +} + +get_values_from_azd_env() { + check_azd_installed + if [ $? 
-ne 0 ]; then + echo "Error: Azure Developer CLI is not installed." + return 1 + fi + + echo "Getting values from azd environment..." + # Allow only valid characters in the names, so that error and warning messages are avoided + resourceGroupName=$(azd env get-value RESOURCE_GROUP_NAME 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + cosmosDbAccountName=$(azd env get-value COSMOSDB_ACCOUNT_NAME 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + storageAccount=$(azd env get-value STORAGE_ACCOUNT_NAME 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + fileSystem=$(azd env get-value STORAGE_CONTAINER_NAME 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + keyvaultName=$(azd env get-value KEY_VAULT_NAME 2>&1 | grep -E '^[a-zA-Z0-9_-]+$') + sqlServerName=$(azd env get-value SQLDB_SERVER_NAME 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + SqlDatabaseName=$(azd env get-value SQLDB_DATABASE 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + sqlManagedIdentityClientId=$(azd env get-value MANAGEDIDENTITY_SQL_CLIENTID 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + sqlManagedIdentityDisplayName=$(azd env get-value MANAGEDIDENTITY_SQL_NAME 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + aiSearchName=$(azd env get-value AI_SEARCH_SERVICE_NAME 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + aif_resource_id=$(azd env get-value AI_FOUNDRY_RESOURCE_ID 2>&1 | grep -E '^[a-zA-Z0-9._/-]+$') + + # Validate that we extracted all required values + if [ -z "$resourceGroupName" ] || [ -z "$cosmosDbAccountName" ] || [ -z "$storageAccount" ] || [ -z "$fileSystem" ] || [ -z "$keyvaultName" ] || [ -z "$sqlServerName" ] || [ -z "$SqlDatabaseName" ] || [ -z "$sqlManagedIdentityClientId" ] || [ -z "$sqlManagedIdentityDisplayName" ] || [ -z "$aiSearchName" ] || [ -z "$aif_resource_id" ]; then + echo "Error: One or more required values could not be retrieved from azd environment." + return 1 else - echo "Authenticating with Azure CLI..." - az login - echo "Authenticated with Azure CLI." + echo "All values retrieved successfully from azd environment." 
+ return 0
 fi
+}
- # fetch all variables from deployment outputs
+get_values_from_az_deployment() {
+ echo "Getting values from Azure deployment outputs..."
 deploymentName=$(az group show --name "$resourceGroupName" --query "tags.DeploymentName" -o tsv)
 echo "Deployment Name (from tag): $deploymentName"
-if az deployment group show --resource-group "$resourceGroupName" --name "$deploymentName" &>/dev/null; then
- cosmosDbAccountName=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.cosmosdB_ACCOUNT_NAME.value" -o tsv)
- echo "Cosmos DB Account Name (from outputs): $cosmosDbAccountName"
-
- storageAccount=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.storagE_ACCOUNT_NAME.value" -o tsv)
- echo "Storage Account Name (from outputs): $storageAccount"
-
- fileSystem=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.storagE_CONTAINER_NAME.value" -o tsv)
- echo "Storage Container Name (from outputs): $fileSystem"
-
- keyvaultName=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.keY_VAULT_NAME.value" -o tsv)
- echo "Key Vault Name (from outputs): $keyvaultName"
-
- sqlServerName=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.sqldB_SERVER_NAME.value" -o tsv)
- echo "SQL Server Name (from outputs): $sqlServerName"
-
- webAppManagedIdentityDisplayName=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.managedidentitY_WEBAPP_NAME.value" -o tsv)
- echo "Web App Managed Identity Display Name (from outputs): $webAppManagedIdentityDisplayName"
-
- webAppManagedIdentityClientId=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.managedidentitY_WEBAPP_CLIENTID.value" -o tsv)
- echo "Web App Managed Identity Client ID (from outputs): $webAppManagedIdentityClientId"
-
- SqlDatabaseName=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.sqldB_DATABASE.value" -o tsv)
- echo "SQL Database Name (from outputs): $SqlDatabaseName"
-
- sqlManagedIdentityClientId=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.managedidentitY_SQL_CLIENTID.value" -o tsv)
- echo "SQL Managed Identity Client ID (from outputs): $sqlManagedIdentityClientId"
-
- sqlManagedIdentityDisplayName=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.managedidentitY_SQL_NAME.value" -o tsv)
- echo "SQL Managed Identity Display Name (from outputs): $sqlManagedIdentityDisplayName"
-
- aiSearchName=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.aI_SEARCH_SERVICE_NAME.value" -o tsv)
- echo "AI Search Service Name (from outputs): $aiSearchName"
-
- aif_resource_id=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.aI_FOUNDRY_RESOURCE_ID.value" -o tsv)
- echo "AI Foundry Resource ID (from outputs): $aif_resource_id"
-
- azSubscriptionId=$(az deployment group show \
- --name "$deploymentName" \
- --resource-group "$resourceGroupName" \
- --query "properties.outputs.azurE_SUBSCRIPTION_ID.value" -o tsv)
+ echo "Fetching deployment outputs..."
+
+ # Get all outputs
+ deploymentOutputs=$(az deployment group show \
+ --name "$deploymentName" \
+ --resource-group "$resourceGroupName" \
+ --query "properties.outputs" -o json)
+
+ # Extract each value
+ cosmosDbAccountName=$(echo "$deploymentOutputs" | grep -A 3 '"cosmosdB_ACCOUNT_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ storageAccount=$(echo "$deploymentOutputs" | grep -A 3 '"storagE_ACCOUNT_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ fileSystem=$(echo "$deploymentOutputs" | grep -A 3 '"storagE_CONTAINER_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ keyvaultName=$(echo "$deploymentOutputs" | grep -A 3 '"keY_VAULT_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ sqlServerName=$(echo "$deploymentOutputs" | grep -A 3 '"sqldB_SERVER_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ webAppManagedIdentityDisplayName=$(echo "$deploymentOutputs" | grep -A 3 '"managedidentitY_WEBAPP_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ webAppManagedIdentityClientId=$(echo "$deploymentOutputs" | grep -A 3 '"managedidentitY_WEBAPP_CLIENTID"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ SqlDatabaseName=$(echo "$deploymentOutputs" | grep -A 3 '"sqldB_DATABASE"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ sqlManagedIdentityClientId=$(echo "$deploymentOutputs" | grep -A 3 '"managedidentitY_SQL_CLIENTID"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ sqlManagedIdentityDisplayName=$(echo "$deploymentOutputs" | grep -A 3 '"managedidentitY_SQL_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ aiSearchName=$(echo "$deploymentOutputs" | grep -A 3 '"aI_SEARCH_SERVICE_NAME"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+ aif_resource_id=$(echo "$deploymentOutputs" | grep -A 3 '"aI_FOUNDRY_RESOURCE_ID"' | grep '"value"' | sed 's/.*"value": *"\([^"]*\)".*/\1/')
+
+ # Validate that we extracted all required values
+ if [ -z "$cosmosDbAccountName" ] || [ -z "$storageAccount" ] || [ -z "$fileSystem" ] || [ -z "$keyvaultName" ] || [ -z "$sqlServerName" ] || [ -z "$SqlDatabaseName" ] || [ -z "$sqlManagedIdentityClientId" ] || [ -z "$sqlManagedIdentityDisplayName" ] || [ -z "$aiSearchName" ] || [ -z "$aif_resource_id" ]; then
+ echo "Error: One or more required values could not be retrieved from deployment outputs."
+ return 1
+ else
+ echo "All values retrieved successfully from deployment outputs."
+ return 0
+ fi
+}
- echo "Azure Subscription ID (from outputs): $azSubscriptionId"
-else
- echo "Deployment does NOT exist in resource group $resourceGroupName."
+get_values_from_user() {
 echo "Please enter required values manually."
- read -rp "Enter Cosmos DB Account Name: " cosmosDbAccountName
- read -rp "Enter Storage Account Name: " storageAccount
- read -rp "Enter Storage Container/File System Name: " fileSystem
+ read -rp "Enter Cosmos DB Account Name: " cosmosDbAccountName
+ read -rp "Enter Storage Account Name: " storageAccount
+ read -rp "Enter Storage Container Name: " fileSystem
+ read -rp "Enter Key Vault Name: " keyvaultName
 read -rp "Enter SQL Server Name: " sqlServerName
 read -rp "Enter SQL Database Name: " SqlDatabaseName
- read -rp "Enter Key Vault Name: " keyvaultName
- read -rp "Enter Web App Managed Identity Display Name: " webAppManagedIdentityDisplayName
- read -rp "Enter Web App Managed Identity Client ID: " webAppManagedIdentityClientId
 read -rp "Enter SQL Managed Identity Display Name: " sqlManagedIdentityDisplayName
 read -rp "Enter SQL Managed Identity Client ID: " sqlManagedIdentityClientId
- read -rp "Enter AI Search Service Name: " aiSearchName
- read -rp "Enter AI Foundry Resource ID: " aif_resource_id
- read -rp "Enter Azure Subscription ID: " azSubscriptionId
-fi
-
- # Check if all required arguments are provided
- if [ -z "$resourceGroupName" ] || [ -z "$cosmosDbAccountName" ] || [ -z "$storageAccount" ] || [ -z "$fileSystem" ] || [ -z "$keyvaultName" ] || [ -z "$sqlServerName" ] || [ -z "$SqlDatabaseName" ] || [ -z "$sqlManagedIdentityClientId" ] || [ -z "$sqlManagedIdentityDisplayName" ] || [ -z "$aiSearchName" ] || [ -z "$aif_resource_id" ]; then
- echo "Usage: $0 "
- exit 1
- fi
+ read -rp "Enter AI Search Service Name: " aiSearchName
+ read -rp "Enter AI Foundry Resource ID: " aif_resource_id
- # Authenticate with Azure
- if az account show &> /dev/null; then
- echo "Already authenticated with Azure."
+ # Validate that all required values are provided
+ if [ -z "$cosmosDbAccountName" ] || [ -z "$storageAccount" ] || [ -z "$fileSystem" ] || [ -z "$keyvaultName" ] || [ -z "$sqlServerName" ] || [ -z "$SqlDatabaseName" ] || [ -z "$sqlManagedIdentityClientId" ] || [ -z "$sqlManagedIdentityDisplayName" ] || [ -z "$aiSearchName" ] || [ -z "$aif_resource_id" ]; then
+ echo "Error: All values are required. Please try again."
+ return 1
 else
- echo "Not authenticated with Azure. Attempting to authenticate..."
- if [ -n "$managedIdentityClientId" ]; then
- # Use managed identity if running in Azure
- echo "Authenticating with Managed Identity..."
- az login --identity --client-id ${managedIdentityClientId}
- else
- # Use Azure CLI login if running locally
- echo "Authenticating with Azure CLI..."
- az login
- fi
+ echo "All values provided successfully."
+ return 0
 fi
-
- #check if user has selected the correct subscription
- currentSubscriptionId=$(az account show --query id -o tsv)
- currentSubscriptionName=$(az account show --query name -o tsv)
- if [ "$currentSubscriptionId" != "$azSubscriptionId" ]; then
- echo "Current selected subscription is $currentSubscriptionName ( $currentSubscriptionId )."
- read -rp "Do you want to continue with this subscription?(y/n): " confirmation
- if [[ "$confirmation" != "y" && "$confirmation" != "Y" ]]; then
- echo "Fetching available subscriptions..."
- availableSubscriptions=$(az account list --query "[?state=='Enabled'].[name,id]" --output tsv)
- while true; do
- echo ""
- echo "Available Subscriptions:"
- echo "========================"
- echo "$availableSubscriptions" | awk '{printf "%d. %s ( %s )\n", NR, $1, $2}'
- echo "========================"
- echo ""
- read -rp "Enter the number of the subscription (1-$(echo "$availableSubscriptions" | wc -l)) to use: " subscriptionIndex
- if [[ "$subscriptionIndex" =~ ^[0-9]+$ ]] && [ "$subscriptionIndex" -ge 1 ] && [ "$subscriptionIndex" -le $(echo "$availableSubscriptions" | wc -l) ]; then
- selectedSubscription=$(echo "$availableSubscriptions" | sed -n "${subscriptionIndex}p")
- selectedSubscriptionName=$(echo "$selectedSubscription" | cut -f1)
- selectedSubscriptionId=$(echo "$selectedSubscription" | cut -f2)
-
- # Set the selected subscription
- if az account set --subscription "$selectedSubscriptionId"; then
- echo "Switched to subscription: $selectedSubscriptionName ( $selectedSubscriptionId )"
- break
- else
- echo "Failed to switch to subscription: $selectedSubscriptionName ( $selectedSubscriptionId )."
- fi
+}
+
+# Authenticate with Azure
+echo ""
+echo "Attempting to authenticate with Azure..."
+if [ -n "$managedIdentityClientId" ]; then
+ # Use managed identity if running in Azure
+ echo "Authenticating with Managed Identity..."
+ az login --identity --client-id ${managedIdentityClientId}
+else
+ # Use Azure CLI login if running locally
+ echo "Authenticating with Azure CLI..."
+ az login
+fi
+echo ""
+
+if check_azd_installed; then
+ azSubscriptionId=$(azd env get-value AZURE_SUBSCRIPTION_ID) || azSubscriptionId="$AZURE_SUBSCRIPTION_ID" || azSubscriptionId=""
+fi
+
+#check if user has selected the correct subscription
+echo ""
+currentSubscriptionId=$(az account show --query id -o tsv)
+currentSubscriptionName=$(az account show --query name -o tsv)
+if [ "$currentSubscriptionId" != "$azSubscriptionId" ]; then
+ echo "Current selected subscription is $currentSubscriptionName ( $currentSubscriptionId )."
+ read -rp "Do you want to continue with this subscription?(y/n): " confirmation
+ if [[ "$confirmation" != "y" && "$confirmation" != "Y" ]]; then
+ echo "Fetching available subscriptions..."
+ availableSubscriptions=$(az account list --query "[?state=='Enabled'].[name,id]" --output tsv)
+ while true; do
+ echo ""
+ echo "Available Subscriptions:"
+ echo "========================"
+ echo "$availableSubscriptions" | awk '{printf "%d. %s ( %s )\n", NR, $1, $2}'
+ echo "========================"
+ echo ""
+ read -rp "Enter the number of the subscription (1-$(echo "$availableSubscriptions" | wc -l)) to use: " subscriptionIndex
+ if [[ "$subscriptionIndex" =~ ^[0-9]+$ ]] && [ "$subscriptionIndex" -ge 1 ] && [ "$subscriptionIndex" -le $(echo "$availableSubscriptions" | wc -l) ]; then
+ selectedSubscription=$(echo "$availableSubscriptions" | sed -n "${subscriptionIndex}p")
+ selectedSubscriptionName=$(echo "$selectedSubscription" | cut -f1)
+ selectedSubscriptionId=$(echo "$selectedSubscription" | cut -f2)
+
+ # Set the selected subscription
+ if az account set --subscription "$selectedSubscriptionId"; then
+ echo "Switched to subscription: $selectedSubscriptionName ( $selectedSubscriptionId )"
+ break
 else
- echo "Invalid selection. Please try again."
+ echo "Failed to switch to subscription: $selectedSubscriptionName ( $selectedSubscriptionId )."
 fi
- done
- else
- echo "Proceeding with the current subscription: $currentSubscriptionName ( $currentSubscriptionId )"
- az account set --subscription "$currentSubscriptionId"
- fi
+ else
+ echo "Invalid selection. Please try again."
+ fi
+ done
 else
- echo "Proceeding with the subscription: $currentSubscriptionName ( $currentSubscriptionId )"
+ echo "Proceeding with the current subscription: $currentSubscriptionName ( $currentSubscriptionId )"
 az account set --subscription "$currentSubscriptionId"
 fi
+else
+ echo "Proceeding with the subscription: $currentSubscriptionName ( $currentSubscriptionId )"
+ az account set --subscription "$currentSubscriptionId"
+fi
+echo ""
+
+if [ -z "$resourceGroupName" ]; then
+ # No resource group provided - use azd env
+ if ! get_values_from_azd_env; then
+ echo "Failed to get values from azd environment."
+ echo ""
+ echo "If you want to use deployment outputs instead, please provide the resource group name as an argument."
+ echo "Usage: $0 [ResourceGroupName]"
+ echo "Example: $0 my-resource-group"
+ echo ""
+ exit 1
+ fi
+else
+ # Resource group provided - use deployment outputs
+ echo ""
+ echo "Resource group provided: $resourceGroupName"
-
- # Enable public network access for required services
- enable_public_access
- if [ $? -ne 0 ]; then
- echo "Error: Failed to enable public network access for services."
- exit 1
- fi
-
-
- # Call add_cosmosdb_access.sh
- echo "Running add_cosmosdb_access.sh"
- bash infra/scripts/add_cosmosdb_access.sh "$resourceGroupName" "$cosmosDbAccountName"
- if [ $? -ne 0 ]; then
- echo "Error: add_cosmosdb_access.sh failed."
- exit 1
- fi
- echo "add_cosmosdb_access.sh completed successfully."
-
- # Call copy_kb_files.sh
- echo "Running copy_kb_files.sh"
- bash infra/scripts/copy_kb_files.sh "$storageAccount" "$fileSystem"
- if [ $? -ne 0 ]; then
- echo "Error: copy_kb_files.sh failed."
- exit 1
- fi
- echo "copy_kb_files.sh completed successfully."
-
- # Call run_create_index_scripts.sh
- echo "Running run_create_index_scripts.sh"
- bash infra/scripts/run_create_index_scripts.sh "$keyvaultName" "" "" "$resourceGroupName" "$sqlServerName" "$aiSearchName" "$aif_resource_id"
- if [ $? -ne 0 ]; then
- echo "Error: run_create_index_scripts.sh failed."
- exit 1
- fi
- echo "run_create_index_scripts.sh completed successfully."
-
- # Call create_sql_user_and_role.sh
- echo "Running create_sql_user_and_role.sh"
- bash infra/scripts/add_user_scripts/create_sql_user_and_role.sh "$sqlServerName.database.windows.net" "$SqlDatabaseName" '[
- {"clientId":"'"$sqlManagedIdentityClientId"'", "displayName":"'"$sqlManagedIdentityDisplayName"'", "role":"db_datareader"},
- {"clientId":"'"$sqlManagedIdentityClientId"'", "displayName":"'"$sqlManagedIdentityDisplayName"'", "role":"db_datawriter"}
- ]'
- if [ $? -ne 0 ]; then
- echo "Error: create_sql_user_and_role.sh failed."
- exit 1
+ # Call deployment function
+ if ! get_values_from_az_deployment; then
+ echo "Failed to get values from deployment outputs."
+ echo ""
+ echo "Would you like to enter the values manually? (y/n): "
+ read -r manual_input_choice
+ if [[ "$manual_input_choice" == "y" || "$manual_input_choice" == "Y" ]]; then
+ if ! get_values_from_user; then
+ echo "Error: Manual input failed."
+ exit 1
+ fi
+ else
+ echo "Exiting script."
+ exit 1
+ fi
 fi
- echo "create_sql_user_and_role.sh completed successfully."
-
- echo "All scripts executed successfully."
- echo "Network access will be restored to original settings..."
- # Note: cleanup_on_exit will be called automatically via the trap
\ No newline at end of file
+fi
+
+echo ""
+echo "==============================================="
+echo "Values to be used:"
+echo "==============================================="
+echo "Resource Group Name: $resourceGroupName"
+echo "Cosmos DB Account Name: $cosmosDbAccountName"
+echo "Storage Account Name: $storageAccount"
+echo "Storage Container Name: $fileSystem"
+echo "Key Vault Name: $keyvaultName"
+echo "SQL Server Name: $sqlServerName"
+echo "SQL Database Name: $SqlDatabaseName"
+echo "SQL Managed Identity Display Name: $sqlManagedIdentityDisplayName"
+echo "SQL Managed Identity Client ID: $sqlManagedIdentityClientId"
+echo "AI Search Service Name: $aiSearchName"
+echo "AI Foundry Resource ID: $aif_resource_id"
+echo "==============================================="
+echo ""
+
+# Enable public network access for required services
+enable_public_access
+if [ $? -ne 0 ]; then
+ echo "Error: Failed to enable public network access for services."
+ exit 1
+fi
+
+
+# Call add_cosmosdb_access.sh
+echo "Running add_cosmosdb_access.sh"
+bash infra/scripts/add_cosmosdb_access.sh "$resourceGroupName" "$cosmosDbAccountName"
+if [ $? -ne 0 ]; then
+ echo "Error: add_cosmosdb_access.sh failed."
+ exit 1
+fi
+echo "add_cosmosdb_access.sh completed successfully."
+
+# Call copy_kb_files.sh
+echo "Running copy_kb_files.sh"
+bash infra/scripts/copy_kb_files.sh "$storageAccount" "$fileSystem"
+if [ $? -ne 0 ]; then
+ echo "Error: copy_kb_files.sh failed."
+ exit 1
+fi
+echo "copy_kb_files.sh completed successfully."
+
+# Call run_create_index_scripts.sh
+echo "Running run_create_index_scripts.sh"
+bash infra/scripts/run_create_index_scripts.sh "$keyvaultName" "" "" "$resourceGroupName" "$sqlServerName" "$aiSearchName" "$aif_resource_id"
+if [ $? -ne 0 ]; then
+ echo "Error: run_create_index_scripts.sh failed."
+ exit 1
+fi
+echo "run_create_index_scripts.sh completed successfully."
+
+# Call create_sql_user_and_role.sh
+echo "Running create_sql_user_and_role.sh"
+bash infra/scripts/add_user_scripts/create_sql_user_and_role.sh "$sqlServerName.database.windows.net" "$SqlDatabaseName" '[
+ {"clientId":"'"$sqlManagedIdentityClientId"'", "displayName":"'"$sqlManagedIdentityDisplayName"'", "role":"db_datareader"},
+ {"clientId":"'"$sqlManagedIdentityClientId"'", "displayName":"'"$sqlManagedIdentityDisplayName"'", "role":"db_datawriter"}
+]'
+if [ $? -ne 0 ]; then
+ echo "Error: create_sql_user_and_role.sh failed."
+ exit 1
+fi
+echo "create_sql_user_and_role.sh completed successfully."
+
+echo "All scripts executed successfully."
+echo "Network access will be restored to original settings..."
+# Note: cleanup_on_exit will be called automatically via the trap
\ No newline at end of file