From 6d3c4421536d73bbe506337c8d37578e1731375f Mon Sep 17 00:00:00 2001 From: "Niraj Chaudhari (Persistent Systems Inc)" Date: Fri, 8 May 2026 11:15:17 +0530 Subject: [PATCH 1/4] Add tags to prevent SFI W18 Policy violation --- infra/main.bicep | 5 ++++- infra/main.json | 36 ++++++++++++++++++------------------ infra/main_custom.bicep | 5 ++++- 3 files changed, 26 insertions(+), 20 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index 0f233ffda..5a851ea8d 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1136,7 +1136,10 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.13.1 params: { name: containerAppEnvironmentResourceName location: location - tags: tags + tags: { + ...resourceGroup().tags + ...tags + } enableTelemetry: enableTelemetry // WAF aligned configuration for Private Networking publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' diff --git a/infra/main.json b/infra/main.json index 4085548d8..34998ee8a 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "8490920419623942773" + "version": "0.39.26.7824", + "templateHash": "6973968965982796675" }, "name": "Multi-Agent Custom Automation Engine", "description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\r\n\r\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\r\n" @@ -4991,8 +4991,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "4286500745908716598" + "version": "0.39.26.7824", + "templateHash": "16466396517695720401" } }, "definitions": { @@ -24308,8 +24308,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "6570260143045999127" + "version": "0.39.26.7824", + "templateHash": "3729960794136576463" } }, "definitions": { @@ -24616,7 +24616,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -27973,9 +27973,9 @@ }, "dependsOn": [ "aiFoundryAiServices", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "virtualNetwork" ] }, @@ -28012,8 +28012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "14513113443903512301" + "version": "0.39.26.7824", + "templateHash": "2511165232243944989" } }, "parameters": { @@ -34109,7 +34109,7 @@ "value": "[parameters('location')]" }, "tags": { - "value": "[parameters('tags')]" + "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags')))]" }, "enableTelemetry": { "value": "[parameters('enableTelemetry')]" @@ -42561,8 +42561,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "15053339789155096730" + "version": "0.39.26.7824", + "templateHash": "17255929531929846207" } }, "definitions": { @@ -43518,7 +43518,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[resourceId('Microsoft.Web/sites', parameters('name'))]", + "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -43593,8 +43593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "16493651611122310009" + "version": "0.39.26.7824", + "templateHash": "5308269420307571977" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting." @@ -54840,8 +54840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.42.1.51946", - "templateHash": "4859654437121510695" + "version": "0.39.26.7824", + "templateHash": "5805872877074593071" } }, "parameters": { diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index fbbbcf280..af8a00a22 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -1134,7 +1134,10 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.13.1 params: { name: containerAppEnvironmentResourceName location: location - tags: tags + tags: { + ...resourceGroup().tags + ...tags + } enableTelemetry: enableTelemetry // WAF aligned configuration for Private Networking publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' From 0786842da7b6b458ebe7ff8d4be1ef756a6125ca Mon Sep 17 00:00:00 2001 From: "Niraj Chaudhari (Persistent Systems Inc)" Date: Fri, 8 May 2026 12:04:52 +0530 Subject: [PATCH 2/4] Update Bicep version and re-generate main.json --- infra/main.json | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/infra/main.json b/infra/main.json index 34998ee8a..73144a893 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "6973968965982796675" + "version": "0.43.8.12551", + "templateHash": "16253002153134395573" }, "name": "Multi-Agent Custom Automation Engine", "description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\r\n\r\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\r\n" @@ -4991,8 +4991,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "16466396517695720401" + "version": "0.43.8.12551", + "templateHash": "9540091515555271756" } }, "definitions": { @@ -24308,8 +24308,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "3729960794136576463" + "version": "0.43.8.12551", + "templateHash": "7866379492866507946" } }, "definitions": { @@ -24616,7 +24616,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -28012,8 +28012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "2511165232243944989" + "version": "0.43.8.12551", + "templateHash": "2868048678223903575" } }, "parameters": { @@ -42561,8 +42561,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "17255929531929846207" + "version": "0.43.8.12551", + "templateHash": "18345308984648474640" } }, "definitions": { @@ -43518,7 +43518,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Web/sites', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -43593,8 +43593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "5308269420307571977" + "version": "0.43.8.12551", + "templateHash": "1009721598684973971" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting." @@ -54840,8 +54840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "5805872877074593071" + "version": "0.43.8.12551", + "templateHash": "9739523049889844356" } }, "parameters": { From 4c4c7bb650791d44f3fd0d77ead38cd01e06c58c Mon Sep 17 00:00:00 2001 From: "Niraj Chaudhari (Persistent Systems Inc)" Date: Fri, 8 May 2026 18:12:12 +0530 Subject: [PATCH 3/4] Update tags to avoid SFI W18 fix violation --- infra/main.bicep | 4 ++++ infra/main.json | 4 ++-- infra/main_custom.bicep | 4 ++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index 5a851ea8d..eb95ea02c 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1139,6 +1139,10 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.13.1 tags: { ...resourceGroup().tags ...tags + TemplateName: 'MACAE' + Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' + CreatedBy: createdBy + DeploymentName: deployment().name } enableTelemetry: enableTelemetry // WAF aligned configuration for Private Networking diff --git a/infra/main.json b/infra/main.json index 73144a893..44e42a1c4 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.43.8.12551", - "templateHash": "16253002153134395573" + "templateHash": "15501943451693952090" }, "name": "Multi-Agent Custom Automation Engine", "description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\r\n\r\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\r\n" @@ -34109,7 +34109,7 @@ "value": "[parameters('location')]" }, "tags": { - "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags')))]" + "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags'), createObject('TemplateName', 'MACAE', 'Type', if(parameters('enablePrivateNetworking'), 'WAF', 'Non-WAF'), 'CreatedBy', parameters('createdBy'), 'DeploymentName', deployment().name)))]" }, "enableTelemetry": { "value": "[parameters('enableTelemetry')]" diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index af8a00a22..fef03962e 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -1137,6 +1137,10 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.13.1 tags: { ...resourceGroup().tags ...tags + TemplateName: 'MACAE' + Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' + CreatedBy: createdBy + DeploymentName: deployment().name } enableTelemetry: enableTelemetry // WAF aligned configuration for Private Networking From b0f719cb77b1ac76d3cb439a61b6ce3373163d6e Mon Sep 17 00:00:00 2001 From: "Niraj Chaudhari (Persistent Systems Inc)" Date: Fri, 8 May 2026 19:14:36 +0530 Subject: [PATCH 4/4] Add tag parameter --- infra/main.bicep | 6 ++---- infra/main.json | 6 +++--- infra/main.parameters.json | 5 ++++- infra/main.waf.parameters.json | 5 ++++- infra/main_custom.bicep | 6 ++---- 5 files changed, 15 insertions(+), 13 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index eb95ea02c..1b77255e9 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1138,11 +1138,9 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.13.1 location: location tags: { ...resourceGroup().tags + ...existingTags + ...allTags ...tags - TemplateName: 'MACAE' - Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' - CreatedBy: createdBy - DeploymentName: deployment().name } enableTelemetry: enableTelemetry // WAF aligned configuration for Private Networking diff --git a/infra/main.json b/infra/main.json index 44e42a1c4..3a9e202a6 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.43.8.12551", - "templateHash": "15501943451693952090" + "templateHash": "1714347084428380969" }, "name": "Multi-Agent Custom Automation Engine", "description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\r\n\r\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\r\n" @@ -27973,9 +27973,9 @@ }, "dependsOn": [ "aiFoundryAiServices", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "virtualNetwork" ] }, @@ -34109,7 +34109,7 @@ "value": "[parameters('location')]" }, "tags": { - "value": "[shallowMerge(createArray(resourceGroup().tags, parameters('tags'), createObject('TemplateName', 'MACAE', 'Type', if(parameters('enablePrivateNetworking'), 'WAF', 'Non-WAF'), 'CreatedBy', parameters('createdBy'), 'DeploymentName', deployment().name)))]" + "value": "[shallowMerge(createArray(resourceGroup().tags, variables('existingTags'), variables('allTags'), parameters('tags')))]" }, "enableTelemetry": { "value": "[parameters('enableTelemetry')]" diff --git a/infra/main.parameters.json b/infra/main.parameters.json index 7aa975400..795706922 100644 --- a/infra/main.parameters.json +++ b/infra/main.parameters.json @@ -73,6 +73,9 @@ }, "MCPContainerRegistryHostname": { "value": "${AZURE_ENV_CONTAINER_REGISTRY_ENDPOINT}" - } + }, + "tags": { + "value": "${AZURE_ENV_TAGS}" + } } } \ No newline at end of file diff --git a/infra/main.waf.parameters.json b/infra/main.waf.parameters.json index bb551e202..3d6106d3b 100644 --- a/infra/main.waf.parameters.json +++ b/infra/main.waf.parameters.json @@ -91,6 +91,9 @@ }, "MCPContainerRegistryHostname": { "value": "${AZURE_ENV_CONTAINER_REGISTRY_ENDPOINT}" - } + }, + "tags": { + "value": "${AZURE_ENV_TAGS}" + } } } \ No newline at end of file diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index fef03962e..d79df672e 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -1136,11 +1136,9 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.13.1 location: location tags: { ...resourceGroup().tags + ...existingTags + ...allTags ...tags - TemplateName: 'MACAE' - Type: enablePrivateNetworking ? 'WAF' : 'Non-WAF' - CreatedBy: createdBy - DeploymentName: deployment().name } enableTelemetry: enableTelemetry // WAF aligned configuration for Private Networking