diff --git a/infra/main.json b/infra/main.json index e8ba8e73..7aa9114e 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "5885652317352749587" + "version": "0.43.8.12551", + "templateHash": "12545195410241248179" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -337,8 +337,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "10219602196309243204" + "version": "0.43.8.12551", + "templateHash": "13206959925771644022" } }, "definitions": { @@ -19306,8 +19306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "15098611015028470375" + "version": "0.43.8.12551", + "templateHash": "13200482898648544945" } }, "parameters": { @@ -23332,8 +23332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "18123481228095028530" + "version": "0.43.8.12551", + "templateHash": "15729887991536611208" } }, "parameters": { @@ -23936,8 +23936,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "1869938830611166930" + "version": "0.43.8.12551", + "templateHash": "8672669912945312056" }, "name": "Container Registry Module" }, @@ -36183,8 +36183,8 @@ "avmContainerApp_API", "avmContainerApp_Workflow", "avmManagedIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]", "virtualNetwork" ] }, @@ -36314,8 +36314,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "18336251851332975005" + "version": "0.43.8.12551", + "templateHash": "9621562991003135575" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service." @@ -37574,8 +37574,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "8883353547455396972" + "version": "0.43.8.12551", + "templateHash": "8864856500234357706" } }, "definitions": { @@ -39307,8 +39307,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "13560950051680758953" + "version": "0.43.8.12551", + "templateHash": "312284397710022090" } }, "definitions": { @@ -39461,8 +39461,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "2020223351407601593" + "version": "0.43.8.12551", + "templateHash": "276675105610077046" } }, "definitions": { @@ -39679,8 +39679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "8883353547455396972" + "version": "0.43.8.12551", + "templateHash": "8864856500234357706" } }, "definitions": { @@ -41412,8 +41412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "13560950051680758953" + "version": "0.43.8.12551", + "templateHash": "312284397710022090" } }, "definitions": { @@ -41566,8 +41566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "2020223351407601593" + "version": "0.43.8.12551", + "templateHash": "276675105610077046" } }, "definitions": { @@ -42487,9 +42487,9 @@ }, "dependsOn": [ "avmAiServices", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "virtualNetwork" ] diff --git a/infra/scripts/post_deployment.ps1 b/infra/scripts/post_deployment.ps1 index aa116003..4ed40a8e 100644 --- a/infra/scripts/post_deployment.ps1 +++ b/infra/scripts/post_deployment.ps1 @@ -239,3 +239,74 @@ if (-not $ApiReady) { Write-Host " Schemas registered: $($Registered.Count)" Write-Host ("=" * 60) } + +# --- Refresh Content Understanding Cognitive Services account --- +Write-Host "" +Write-Host ("=" * 60) +Write-Host "Refreshing Content Understanding Cognitive Services account..." +Write-Host ("=" * 60) + +$CU_ACCOUNT_NAME = "" +try { + $CU_ACCOUNT_NAME = (azd env get-value CONTENT_UNDERSTANDING_ACCOUNT_NAME 2>$null) + if (-not $CU_ACCOUNT_NAME) { $CU_ACCOUNT_NAME = "" } +} catch { + $CU_ACCOUNT_NAME = "" +} + +# Verify the account from the env value still exists; if not, fall back to discovering +# the AIServices account in the resource group. This protects against stale .env values +# left over from prior deployments (different template/fork) and against the env value +# pointing to a resource that no longer exists. +if ($CU_ACCOUNT_NAME) { + # Capture stderr so we can distinguish a real "not found" response from a + # transient/auth/CLI failure. Only treat the env value as stale when Azure + # actually reports the resource is missing; for any other error keep the + # env value untouched and log the underlying error for diagnosability. + $ShowOutput = az cognitiveservices account show -g $RESOURCE_GROUP -n $CU_ACCOUNT_NAME --output none 2>&1 + if ($LASTEXITCODE -ne 0) { + $ShowOutputStr = ($ShowOutput | Out-String).Trim() + if ($ShowOutputStr -match '(?i)ResourceNotFound|was not found|could not be found') { + Write-Host " [Warn] Cognitive Services account '$CU_ACCOUNT_NAME' from azd env was not found in resource group '$RESOURCE_GROUP'." + Write-Host " The azd env value may be stale. Attempting to discover the AIServices account in the resource group..." + $CU_ACCOUNT_NAME = "" + } else { + Write-Host " [Warn] Could not verify Cognitive Services account '$CU_ACCOUNT_NAME' (transient or CLI error). Keeping env value and skipping discovery." + Write-Host " az error: $ShowOutputStr" + } + } +} + +if (-not $CU_ACCOUNT_NAME) { + # Enumerate ALL AIServices accounts (not just the first). When the resource + # group contains exactly one we auto-recover; when it contains more than one + # we refuse to guess and ask the user to set the env value explicitly, to + # avoid persisting the wrong account name into azd env. + $CuAccounts = @(az cognitiveservices account list -g $RESOURCE_GROUP --query "[?kind=='AIServices'].name" -o tsv 2>$null) + $CuAccounts = @($CuAccounts | Where-Object { $_ -and $_.Trim() -ne "" }) + if ($CuAccounts.Count -eq 1) { + $CU_ACCOUNT_NAME = $CuAccounts[0] + Write-Host " Discovered AIServices account in resource group: $CU_ACCOUNT_NAME" + # Refresh the azd env so subsequent runs use the correct value. + try { azd env set CONTENT_UNDERSTANDING_ACCOUNT_NAME $CU_ACCOUNT_NAME 2>$null | Out-Null } catch { } + } elseif ($CuAccounts.Count -gt 1) { + Write-Host " [Warn] Multiple AIServices accounts found in resource group '$RESOURCE_GROUP': $($CuAccounts -join ', ')" + Write-Host " Please set CONTENT_UNDERSTANDING_ACCOUNT_NAME in azd env to the correct account name. Skipping refresh." + } else { + Write-Host " [Warn] No Content Understanding (AIServices) account found in resource group '$RESOURCE_GROUP'. Skipping refresh." + } +} + +if ($CU_ACCOUNT_NAME) { + Write-Host " Refreshing account: $CU_ACCOUNT_NAME in resource group: $RESOURCE_GROUP" + # Capture stderr so that any Azure CLI error is preserved in deployment + # logs even though this refresh step is non-fatal. + $UpdateOutput = az cognitiveservices account update -g $RESOURCE_GROUP -n $CU_ACCOUNT_NAME --tags refresh=true --output none 2>&1 + if ($LASTEXITCODE -eq 0) { + Write-Host " [OK] Successfully refreshed Cognitive Services account '$CU_ACCOUNT_NAME'." + } else { + $UpdateOutputStr = ($UpdateOutput | Out-String).Trim() + Write-Host " [Warn] Could not refresh Cognitive Services account '$CU_ACCOUNT_NAME'. Continuing - this step is non-fatal." + Write-Host " az error: $UpdateOutputStr" + } +} diff --git a/infra/scripts/post_deployment.sh b/infra/scripts/post_deployment.sh index 49644a4d..cb4788e6 100644 --- a/infra/scripts/post_deployment.sh +++ b/infra/scripts/post_deployment.sh @@ -256,17 +256,84 @@ echo "============================================================" CU_ACCOUNT_NAME=$(azd env get-value CONTENT_UNDERSTANDING_ACCOUNT_NAME 2>/dev/null || echo "") +# Verify the account from the env value still exists; if not, fall back to discovering +# the AIServices account in the resource group. This protects against stale .env values +# left over from prior deployments (different template/fork) and against the env value +# pointing to a resource that no longer exists. +if [ -n "$CU_ACCOUNT_NAME" ]; then + # Capture stderr so we can distinguish a real "not found" response from a + # transient/auth/CLI failure. Only treat the env value as stale when Azure + # actually reports the resource is missing; for any other error keep the + # env value untouched and log the underlying error for diagnosability. + # `set +e` is required because `set -e` (enabled at the top of the script) + # would otherwise exit the script as soon as `az ... show` returns non-zero, + # before we can inspect $? and decide whether to fall back to discovery. + set +e + CU_SHOW_ERR=$(az cognitiveservices account show \ + -g "$RESOURCE_GROUP" \ + -n "$CU_ACCOUNT_NAME" \ + --output none 2>&1) + CU_SHOW_EC=$? + set -e + if [ $CU_SHOW_EC -ne 0 ]; then + if echo "$CU_SHOW_ERR" | grep -qiE "ResourceNotFound|was not found|could not be found"; then + echo " ⚠️ Cognitive Services account '$CU_ACCOUNT_NAME' from azd env was not found in resource group '$RESOURCE_GROUP'." + echo " The azd env value may be stale. Attempting to discover the AIServices account in the resource group..." + CU_ACCOUNT_NAME="" + else + echo " ⚠️ Could not verify Cognitive Services account '$CU_ACCOUNT_NAME' (transient or CLI error). Keeping env value and skipping discovery." + echo " az error: $CU_SHOW_ERR" + fi + fi +fi + if [ -z "$CU_ACCOUNT_NAME" ]; then - echo " ⚠️ CONTENT_UNDERSTANDING_ACCOUNT_NAME not found in azd env. Skipping refresh." -else + # Enumerate ALL AIServices accounts (not just the first). When the resource + # group contains exactly one we auto-recover; when it contains more than one + # we refuse to guess and ask the user to set the env value explicitly, to + # avoid persisting the wrong account name into azd env. + # Use a portable `while read` loop instead of `mapfile`, because `mapfile` + # requires bash 4+ and the azd postprovision hook also runs on macOS where + # the default shell is still bash 3.2. + CU_ACCOUNTS=() + while IFS= read -r _cu_acct; do + [ -n "$_cu_acct" ] && CU_ACCOUNTS+=("$_cu_acct") + done < <(az cognitiveservices account list \ + -g "$RESOURCE_GROUP" \ + --query "[?kind=='AIServices'].name" \ + -o tsv 2>/dev/null || true) + if [ "${#CU_ACCOUNTS[@]}" -eq 1 ]; then + CU_ACCOUNT_NAME="${CU_ACCOUNTS[0]}" + echo " Discovered AIServices account in resource group: $CU_ACCOUNT_NAME" + # Refresh the azd env so subsequent runs use the correct value. + azd env set CONTENT_UNDERSTANDING_ACCOUNT_NAME "$CU_ACCOUNT_NAME" >/dev/null 2>&1 || true + elif [ "${#CU_ACCOUNTS[@]}" -gt 1 ]; then + echo " ⚠️ Multiple AIServices accounts found in resource group '$RESOURCE_GROUP': ${CU_ACCOUNTS[*]}" + echo " Please set CONTENT_UNDERSTANDING_ACCOUNT_NAME in azd env to the correct account name. Skipping refresh." + else + echo " ⚠️ No Content Understanding (AIServices) account found in resource group '$RESOURCE_GROUP'. Skipping refresh." + fi +fi + +if [ -n "$CU_ACCOUNT_NAME" ]; then echo " Refreshing account: $CU_ACCOUNT_NAME in resource group: $RESOURCE_GROUP" - if az cognitiveservices account update \ + # Capture stderr so that any Azure CLI error is preserved in deployment + # logs even though this refresh step is non-fatal. + # `set +e` is required because `set -e` (enabled at the top of the script) + # would otherwise exit the script as soon as `az ... update` returns + # non-zero, defeating the explicit "non-fatal" handling below. + set +e + CU_UPDATE_ERR=$(az cognitiveservices account update \ -g "$RESOURCE_GROUP" \ -n "$CU_ACCOUNT_NAME" \ --tags refresh=true \ - --output none; then + --output none 2>&1) + CU_UPDATE_EC=$? + set -e + if [ $CU_UPDATE_EC -eq 0 ]; then echo " ✅ Successfully refreshed Cognitive Services account '$CU_ACCOUNT_NAME'." else - echo " ❌ Failed to refresh Cognitive Services account '$CU_ACCOUNT_NAME'." + echo " ⚠️ Could not refresh Cognitive Services account '$CU_ACCOUNT_NAME'. Continuing — this step is non-fatal." + echo " az error: $CU_UPDATE_ERR" fi fi