refactor: update process_data_scripts Bicep module and enhance run script for VNet and storage account handling

Abdul-Microsoft · Abdul-Microsoft · commit 1a29d87b5b66 · 2025-10-10T12:19:16.000+05:30
diff --git a/infra/process_data_scripts.bicep b/infra/process_data_scripts.bicep
@@ -2,25 +2,33 @@ param solutionLocation string
 param keyVaultName string
 param managedIdentityResourceId string
 param managedIdentityClientId string
+param storageAccount string
+param enablePrivateNetworking bool = false
+param subnetId string = ''
 
 var baseUrl = 'https://raw.githubusercontent.com/microsoft/Conversation-Knowledge-Mining-Solution-Accelerator/main/'
 
-resource process_data_scripts 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
-  kind:'AzureCLI'
-  name: 'process_data_scripts'
-  location: solutionLocation // Replace with your desired location
-  identity: {
-    type: 'UserAssigned'
-    userAssignedIdentities: {
-      '${managedIdentityResourceId}' : {}
-    }
-  }
-  properties: {
+module uploadFiles 'br/public:avm/res/resources/deployment-script:0.5.1' = {
+  name: take('avm.res.resources.deployment-script.uploadFiles', 64)
+  params: {
+    kind: 'AzureCLI'
+    name: 'process_data_scripts'
     azCliVersion: '2.52.0'
-    primaryScriptUri: '${baseUrl}infra/scripts/process_data_scripts.sh' 
-    arguments: '${baseUrl} ${keyVaultName} ${managedIdentityClientId}' // Specify any arguments for the script
-    timeout: 'PT1H' // Specify the desired timeout duration
-    retentionInterval: 'PT1H' // Specify the desired retention interval
-    cleanupPreference:'OnSuccess'
+    cleanupPreference: 'Always'
+    location: solutionLocation
+    managedIdentities: {
+      userAssignedResourceIds: [
+        managedIdentityResourceId
+      ]
+    }
+    retentionInterval: 'P1D'
+    runOnce: true
+    primaryScriptUri: '${baseUrl}infra/scripts/process_data_scripts.sh'
+    arguments: '${baseUrl} ${keyVaultName} ${managedIdentityClientId}'
+    storageAccountResourceId: storageAccount
+    subnetResourceIds: (enablePrivateNetworking && !empty(subnetId)) ? [
+      subnetId
+    ] : null
+    timeout: 'PT1H'
   }
 }
diff --git a/infra/scripts/run_process_data_scripts.sh b/infra/scripts/run_process_data_scripts.sh
@@ -36,24 +36,92 @@ sqlServerLocation=$(az sql server list --resource-group "$resourceGroupName" --q
 # === Retrieve the principal ID of the first user-assigned identity with name starting with 'id-' ===
 managedIdentityClientId=$(az identity list --resource-group "$resourceGroupName" --query "[?starts_with(name, 'id-') && !starts_with(name, 'id-sql-')].clientId | [0]" -o tsv)
 
+# === Check for VNet deployment ===
+echo "Checking for VNet deployment in resource group: $resourceGroupName"
+vnetResourceId=$(az network vnet list --resource-group "$resourceGroupName" --query "[0].id" -o tsv)
+
+# === Get resource group location ===
+rgLocation=$(az group show --name "$resourceGroupName" --query "location" -o tsv)
+
+# === Find storage account (always needed) ===
+echo "Looking for storage account in resource group..."
+storageAccountResourceId=$(az storage account list --resource-group "$resourceGroupName" --query "[0].id" -o tsv)
+
+if [ -z "$storageAccountResourceId" ]; then
+    echo "ERROR: No storage account found in resource group $resourceGroupName"
+    exit 1
+else
+    echo "Using storage account: $storageAccountResourceId"
+fi
+
+if [ -z "$vnetResourceId" ]; then
+    echo "No VNet found in resource group. Private networking is disabled."
+    enablePrivateNetworking="false"
+    subnetId=""
+    solutionLocation="$sqlServerLocation"
+    echo "Using SQL Server location for solution: $solutionLocation"
+else
+    echo "VNet found: $vnetResourceId"
+    echo "VNet detected - enabling private networking."
+    enablePrivateNetworking="true"
+    solutionLocation="$rgLocation"
+    echo "Using Resource Group location for solution: $solutionLocation"
+    
+    # === Find the deployment script subnet ===
+    echo "Looking for deployment-scripts subnet..."
+    subnetId=$(az network vnet subnet list --resource-group "$resourceGroupName" --vnet-name $(basename "$vnetResourceId") --query "[?name=='deployment-scripts'].id | [0]" -o tsv)
+    
+    if [ -z "$subnetId" ]; then
+        echo "Warning: deployment-scripts subnet not found. Checking for alternative subnet names..."
+        # Try alternative names
+        subnetId=$(az network vnet subnet list --resource-group "$resourceGroupName" --vnet-name $(basename "$vnetResourceId") --query "[?contains(name, 'deployment') || contains(name, 'script')].id | [0]" -o tsv)
+    fi
+    
+    if [ -z "$subnetId" ]; then
+        echo "Warning: No deployment script subnet found. Private networking will be disabled for deployment script."
+        enablePrivateNetworking="false"
+        subnetId=""
+    else
+        echo "Using deployment script subnet: $subnetId"
+    fi
+fi
+
 # === Validate that all required resources were found ===
-if [[ -z "$keyVaultName" || -z "$sqlServerLocation" || -z "$managedIdentityResourceId" || ! "$managedIdentityResourceId" =~ ^/subscriptions/ ]]; then
+if [[ -z "$keyVaultName" || -z "$solutionLocation" || -z "$managedIdentityResourceId" || ! "$managedIdentityResourceId" =~ ^/subscriptions/ ]]; then
   echo "ERROR: Could not find required resources in resource group $resourceGroupName or managedIdentityResourceId is invalid"
   exit 1
 fi
 
-echo "Using SQL Server Location: $sqlServerLocation"
+echo "Using Solution Location: $solutionLocation"
 echo "Using Key Vault: $keyVaultName"
 echo "Using Managed Identity Resource Id: $managedIdentityResourceId"
 echo "Using Managed Identity ClientId Id: $managedIdentityClientId"
+echo "Enable Private Networking: $enablePrivateNetworking"
+echo "Subnet ID: $subnetId"
+echo "Storage Account Resource ID: $storageAccountResourceId"
 
 # === Deploy resources using the specified Bicep template ===
 echo "Deploying Bicep template..."
 
+# Build base parameters
+deploymentParams="solutionLocation=$solutionLocation keyVaultName=$keyVaultName managedIdentityResourceId=$managedIdentityResourceId managedIdentityClientId=$managedIdentityClientId storageAccount=$storageAccountResourceId"
+
+# Add networking parameters if VNet is deployed
+if [ "$enablePrivateNetworking" = "true" ]; then
+    deploymentParams="$deploymentParams enablePrivateNetworking=true"
+    if [ -n "$subnetId" ]; then
+        deploymentParams="$deploymentParams subnetId=$subnetId"
+    fi
+else
+    deploymentParams="$deploymentParams enablePrivateNetworking=false"
+fi
+
+echo "Deployment parameters: $deploymentParams"
+
 # MSYS_NO_PATHCONV disables path conversion in Git Bash for Windows
 MSYS_NO_PATHCONV=1 az deployment group create \
   --resource-group "$resourceGroupName" \
   --template-file "$bicepFile" \
-  --parameters solutionLocation="$sqlServerLocation" keyVaultName="$keyVaultName" managedIdentityResourceId="$managedIdentityResourceId" managedIdentityClientId="$managedIdentityClientId"
+  --parameters $deploymentParams
 
 echo "Deployment completed."
