Search - fixed bug where roleassignments was not being used

Author: Seth

infra/main.bicep

@@ -258,13 +258,17 @@ module aiSearch 'modules/aisearch.bicep' = if (searchEnabled) {
     virtualNetworkResourceId: networkIsolation ? network.outputs.virtualNetworkId : ''
     virtualNetworkSubnetResourceId: networkIsolation ? network.outputs.vmSubnetId : ''
     logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace.outputs.resourceId
-    userObjectId: userObjectId
     roleAssignments: union(empty(userObjectId) ? [] : [
       {
         principalId: userObjectId
         principalType: 'User'
         roleDefinitionIdOrName: 'Search Index Data Contributor'
       }
+      {
+        principalId: userObjectId
+        principalType: 'User'
+        roleDefinitionIdOrName: 'Search Index Data Reader'
+      }
     ], [
       {
         principalId: cognitiveServices.outputs.aiServicesSystemAssignedMIPrincipalId

infra/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.36.1.42791",
-      "templateHash": "14037525013444695971"
+      "version": "0.33.93.31351",
+      "templateHash": "5303146368545342618"
     }
   },
   "definitions": {
@@ -4900,8 +4900,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "14424734402412352330"
+              "version": "0.33.93.31351",
+              "templateHash": "10563293765969438544"
             }
           },
           "parameters": {
@@ -5580,8 +5580,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "11746621349310683559"
+              "version": "0.33.93.31351",
+              "templateHash": "9442281453257963936"
             }
           },
           "parameters": {
@@ -11965,8 +11965,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "2158520837294746606"
+              "version": "0.33.93.31351",
+              "templateHash": "12630130910180117756"
             }
           },
           "parameters": {
@@ -18193,8 +18193,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "8737464205872383016"
+              "version": "0.33.93.31351",
+              "templateHash": "5079190893808934258"
             }
           },
           "definitions": {
@@ -30221,8 +30221,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "532244891627057375"
+              "version": "0.33.93.31351",
+              "templateHash": "12413221929297508620"
             }
           },
           "definitions": {
@@ -36573,8 +36573,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.36.1.42791",
-                      "templateHash": "2348080591288311162"
+                      "version": "0.33.93.31351",
+                      "templateHash": "6894574649925342276"
                     }
                   },
                   "definitions": {
@@ -39314,8 +39314,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.36.1.42791",
-                      "templateHash": "2348080591288311162"
+                      "version": "0.33.93.31351",
+                      "templateHash": "6894574649925342276"
                     }
                   },
                   "definitions": {
@@ -42057,8 +42057,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.36.1.42791",
-                      "templateHash": "2348080591288311162"
+                      "version": "0.33.93.31351",
+                      "templateHash": "6894574649925342276"
                     }
                   },
                   "definitions": {
@@ -44800,8 +44800,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.36.1.42791",
-                      "templateHash": "2348080591288311162"
+                      "version": "0.33.93.31351",
+                      "templateHash": "6894574649925342276"
                     }
                   },
                   "definitions": {
@@ -47540,8 +47540,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.36.1.42791",
-                      "templateHash": "2348080591288311162"
+                      "version": "0.33.93.31351",
+                      "templateHash": "6894574649925342276"
                     }
                   },
                   "definitions": {
@@ -50283,8 +50283,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.36.1.42791",
-                      "templateHash": "2348080591288311162"
+                      "version": "0.33.93.31351",
+                      "templateHash": "6894574649925342276"
                     }
                   },
                   "definitions": {
@@ -53023,8 +53023,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.36.1.42791",
-                      "templateHash": "2348080591288311162"
+                      "version": "0.33.93.31351",
+                      "templateHash": "6894574649925342276"
                     }
                   },
                   "definitions": {
@@ -55788,8 +55788,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "15578119539506362308"
+              "version": "0.33.93.31351",
+              "templateHash": "337781424599225735"
             }
           },
           "parameters": {
@@ -55977,11 +55977,8 @@
           "logAnalyticsWorkspaceResourceId": {
             "value": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]"
           },
-          "userObjectId": {
-            "value": "[parameters('userObjectId')]"
-          },
           "roleAssignments": {
-            "value": "[union(if(empty(parameters('userObjectId')), createArray(), createArray(createObject('principalId', parameters('userObjectId'), 'principalType', 'User', 'roleDefinitionIdOrName', 'Search Index Data Contributor'))), createArray(createObject('principalId', reference('cognitiveServices').outputs.aiServicesSystemAssignedMIPrincipalId.value, 'principalType', 'ServicePrincipal', 'roleDefinitionIdOrName', 'Search Index Data Contributor'), createObject('principalId', reference('cognitiveServices').outputs.aiServicesSystemAssignedMIPrincipalId.value, 'principalType', 'ServicePrincipal', 'roleDefinitionIdOrName', 'Search Service Contributor')))]"
+            "value": "[union(if(empty(parameters('userObjectId')), createArray(), createArray(createObject('principalId', parameters('userObjectId'), 'principalType', 'User', 'roleDefinitionIdOrName', 'Search Index Data Contributor'), createObject('principalId', parameters('userObjectId'), 'principalType', 'User', 'roleDefinitionIdOrName', 'Search Index Data Reader'))), createArray(createObject('principalId', reference('cognitiveServices').outputs.aiServicesSystemAssignedMIPrincipalId.value, 'principalType', 'ServicePrincipal', 'roleDefinitionIdOrName', 'Search Index Data Contributor'), createObject('principalId', reference('cognitiveServices').outputs.aiServicesSystemAssignedMIPrincipalId.value, 'principalType', 'ServicePrincipal', 'roleDefinitionIdOrName', 'Search Service Contributor')))]"
           },
           "tags": {
             "value": "[variables('allTags')]"
@@ -55994,8 +55991,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "10624928188153796868"
+              "version": "0.33.93.31351",
+              "templateHash": "9060803724389588162"
             }
           },
           "definitions": {
@@ -56120,12 +56117,6 @@
                 "description": "Specifies whether network isolation is enabled. This will create a private endpoint for the AI Search resource and link the private DNS zone."
               }
             },
-            "userObjectId": {
-              "type": "string",
-              "metadata": {
-                "description": "Specifies the object id of a Microsoft Entra ID user. In general, this the object id of the system administrator who deploys the Azure resources. This defaults to the deploying user."
-              }
-            },
             "roleAssignments": {
               "type": "array",
               "items": {
@@ -59221,7 +59212,9 @@
                   "replicaCount": {
                     "value": 3
                   },
-                  "roleAssignments": "[if(empty(parameters('userObjectId')), createObject('value', createArray()), createObject('value', createArray(createObject('principalId', parameters('userObjectId'), 'principalType', 'User', 'roleDefinitionIdOrName', 'Search Index Data Contributor'), createObject('principalId', parameters('userObjectId'), 'principalType', 'User', 'roleDefinitionIdOrName', 'Search Index Data Reader'))))]",
+                  "roleAssignments": {
+                    "value": "[parameters('roleAssignments')]"
+                  },
                   "diagnosticSettings": {
                     "value": [
                       {
@@ -61416,8 +61409,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "14156198524686936179"
+              "version": "0.33.93.31351",
+              "templateHash": "10286244752482293080"
             }
           },
           "parameters": {
@@ -61985,8 +61978,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "9207373860269569676"
+              "version": "0.33.93.31351",
+              "templateHash": "13278853949319290770"
             }
           },
           "parameters": {
@@ -69918,8 +69911,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "7173901627480655800"
+              "version": "0.33.93.31351",
+              "templateHash": "1436217564672922666"
             }
           },
           "definitions": {
@@ -77117,8 +77110,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.36.1.42791",
-              "templateHash": "18362011243916437863"
+              "version": "0.33.93.31351",
+              "templateHash": "5330058909966791926"
             }
           },
           "definitions": {

infra/modules/aisearch.bicep

@@ -19,9 +19,7 @@ param logAnalyticsWorkspaceResourceId string
 @description('Specifies whether network isolation is enabled. This will create a private endpoint for the AI Search resource and link the private DNS zone.')
 param networkIsolation bool = true
 
-@description('Specifies the object id of a Microsoft Entra ID user. In general, this the object id of the system administrator who deploys the Azure resources. This defaults to the deploying user.')
-param userObjectId string
-
+import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
 @description('Optional. Array of role assignments to create.')
 param roleAssignments roleAssignmentType[]?
 
@@ -53,20 +51,9 @@ module aiSearch 'br/public:avm/res/search/search-service:0.9.2' = {
       publicNetworkAccess: networkIsolation ? 'Disabled' : 'Enabled'
       disableLocalAuth: true
       sku: 'standard'
-      partitionCount:1
-      replicaCount:3
-      roleAssignments: empty(userObjectId) ? [] : [
-        {
-          principalId: userObjectId
-          principalType: 'User'
-          roleDefinitionIdOrName: 'Search Index Data Contributor'
-        }
-        {
-          principalId: userObjectId
-          principalType: 'User'
-          roleDefinitionIdOrName: 'Search Index Data Reader'
-        }
-      ]
+      partitionCount: 1
+      replicaCount: 3
+      roleAssignments: roleAssignments
       diagnosticSettings: [
         {
           workspaceResourceId: logAnalyticsWorkspaceResourceId
@@ -88,7 +75,7 @@ module aiSearch 'br/public:avm/res/search/search-service:0.9.2' = {
   }
 }
 
-import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
+
 
 output resourceId string = aiSearch.outputs.resourceId
 output name string = aiSearch.outputs.name