Update managed identity type and enhance allowed FQDN list for CosmosDB

Author: Harsh-Microsoft

code/create_app.py

@@ -199,7 +199,8 @@ def conversation_with_data(conversation: Request, env_helper: EnvHelper):
                             }
                             if env_helper.is_auth_type_keys()
                             else {
-                                "type": "system_assigned_managed_identity",
+                                "type": "user_assigned_managed_identity",
+                                "managed_identity_resource_id": env_helper.MANAGED_IDENTITY_RESOURCE_ID,
                             }
                         ),
                         "endpoint": env_helper.AZURE_SEARCH_SERVICE,

infra/main.bicep

@@ -842,10 +842,13 @@ module openai 'modules/core/ai/cognitiveservices.bicep' = {
     deployments: openAiDeployments
     userAssignedResourceId: managedIdentityModule.outputs.resourceId
     restrictOutboundNetworkAccess: true
-    allowedFqdnList: [
-      '${storageAccountName}.blob.${environment().suffixes.storage}'
-      '${storageAccountName}.queue.${environment().suffixes.storage}'
-    ]
+    allowedFqdnList: concat(
+      [
+        '${storageAccountName}.blob.${environment().suffixes.storage}'
+        '${storageAccountName}.queue.${environment().suffixes.storage}'
+      ],
+      databaseType == 'CosmosDB' ? ['${azureAISearchName}.search.windows.net'] : []
+    )
     enablePrivateNetworking: enablePrivateNetworking
     enableMonitoring: enableMonitoring
     enableTelemetry: enableTelemetry