Skip to content

feat: Enable AVM WAF implementation to align with updated AVM standards #1898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 160 commits into from
Sep 15, 2025
Merged

feat: Enable AVM WAF implementation to align with updated AVM standards #1898

merged 160 commits into from
Sep 15, 2025

Conversation

@Pavan-Microsoft
Copy link
Contributor

Purpose

This pull request introduces a consistent approach to passing the managed identity client ID to the get_azure_credential function throughout the codebase. This change improves security and flexibility by ensuring that Azure service clients use the correct identity for authentication, especially in environments configured for RBAC. Additionally, environment variable handling and secret management are enhanced for better reliability and key vault usage.

Authentication and Credential Management:

  • Updated all calls to get_azure_credential to pass MANAGED_IDENTITY_CLIENT_ID from environment variables, ensuring proper managed identity authentication for Azure services [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18].
  • Added MANAGED_IDENTITY_CLIENT_ID to the EnvHelper class, loading it from environment variables for centralized access.

Secret and Key Vault Handling:

  • Improved secret retrieval by always using Key Vault for FUNCTION_KEY when available, and added a check to ensure AZURE_KEY_VAULT_ENDPOINT is set when Key Vault is enabled [1] [2] [3].

Configuration and Dependency Injection:

  • Updated Azure token provider setup in EnvHelper to use the managed identity client ID for acquiring tokens.
  • Injected EnvHelper into PostgresConversationClient for easier access to environment configuration [1] [2].

Minor and Cosmetic Changes:

  • Commented out the metadata section in azure.yaml for clarity or future use.

These changes collectively strengthen the application's authentication mechanisms and improve maintainability by centralizing environment and credential management.

Does this introduce a breaking change?

  • Yes
  • No

How to Test

  • Get the code
git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install

What to Check

Verify that the deployment and application end to end testing.

Roopan-Microsoft and others added 30 commits November 25, 2024 16:02
@Roopan-Microsoft
ci: Updated workflow to handle main, dev and demo branch | Dependabot…
2dbb0b1 
… changes (Azure-Samples#1509)
@Roopan-Microsoft
fix: SFI Fixes & scope reverted to subscription (Azure-Samples#1513)
97ced9f
@Roopan-Microsoft
ci: workflow updated for build docker (Azure-Samples#1514)
903c259
@Roopan-Microsoft
ci: build docker updated for dev (Azure-Samples#1522)
4cf2972
@Roopan-Microsoft
ci: workflow branch code updated (Azure-Samples#1525)
9158819
@AjitPadhi-Microsoft
updated comment
4545a48
@AjitPadhi-Microsoft
updated workflow
84a33b5
@AjitPadhi-Microsoft
updated workflow
f8c1c8f
@AjitPadhi-Microsoft
updated workflow
e31a661
@AjitPadhi-Microsoft
updated bicep for registry
847ce7e
@AjitPadhi-Microsoft
fixed bicep
8f8cc98
@AjitPadhi-Microsoft @Roopan-Microsoft
fix: bicep updated (Azure-Samples#1527)
15b948c 
Co-authored-by: Roopan P M <[email protected]>
@Roopan-Microsoft
Merge branch 'main' into dev
1645e43
@Roopan-Microsoft
Merge branch 'dev' of https://github.com/Azure-Samples/chat-with-your…
8df387a 
…-data-solution-accelerator into dev
@AjitPadhi-Microsoft
fix: Container issue fix for multiple branch (Azure-Samples#1539)
e4dd5f2
@AjitPadhi-Microsoft @Roopan-Microsoft
fix: Updated workflow (Azure-Samples#1540)
88d06dc 
Co-authored-by: Roopan P M <[email protected]>
@Roopan-Microsoft @AjitPadhi-Microsoft
ci: Psl container fix for checkout code from head branch (Azure-Sampl…
e5cf4dd 
…es#1541)

Co-authored-by: Ajit Padhi <[email protected]>
@AjitPadhi-Microsoft @Roopan-Microsoft
fix: multiple container tag issue fix (Azure-Samples#1552)
02d0056 
Co-authored-by: Roopan-Microsoft <[email protected]>
@AjitPadhi-Microsoft @Roopan-Microsoft
fix: Workflow issue fix on docker image (Azure-Samples#1554)
90e1040 
Co-authored-by: Roopan-Microsoft <[email protected]>
@Pavan-Microsoft @Roopan-Microsoft
@ross-p-smith @gpickett @Fr4nc3 @Prajwal-Microsoft
fix: Downmerge dev (Azure-Samples#1566)
8a5a1cb 
Co-authored-by: Roopan-Microsoft <[email protected]>
Co-authored-by: Ross Smith <[email protected]>
Co-authored-by: gpickett <[email protected]>
Co-authored-by: Francia Riesco <[email protected]>
Co-authored-by: Francia Riesco <[email protected]>
Co-authored-by: Prajwal D C <[email protected]>
@Harmanpreet-Microsoft
fix: CWYD Citation Links to Documents Break After Specific Timeframe (A…
131c323 
…zure-Samples#1569)
@UtkarshMishra-Microsoft
fix: Commit changes bug (Azure-Samples#1568)
93b84ed
@Pavan-Microsoft
fix: Post-Deployment Script for Managing Bicep Outputs in .env File a…
0875b92 
…nd Update Conversation flow based on template selection (Azure-Samples#1567)

Co-authored-by: Pavan Kumar <v-kupavan.microsoft.com>
@Pavan-Microsoft
fix: import error in env_helper.py (Azure-Samples#1571)
76190b3
@Priyanka-Microsoft
fix: add conversation flow in environment variable for adminweb app (A…
c65bf01 
…zure-Samples#1572)
@Prasanjeet-Microsoft
fix: Update Hosting Model Configuration in ARM/Bicep Template (Azure-…
1f326d9 
…Samples#1570)
@Priyanka-Microsoft
fix: Update main.json for changes conversation flow changes in bicep (A…
fc688c2 
…zure-Samples#1574)
@Roopan-Microsoft
Merge branch 'main' into dev
56adb59
@Roopan-Microsoft @dependabot @Pavan-Microsoft
build: Dependabotchanges merge to Dev branch (Azure-Samples#1602)
afaabdc 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pavan-Microsoft <[email protected]>
@Pavan-Microsoft
feat: Configurable System Prompts for Flexibility and Maintenance - C…
03f52b3 
…WYD (Azure-Samples#1603)
Pavan-Microsoft and others added 20 commits September 10, 2025 23:32
@Pavan-Microsoft
Merge branch 'infra-avm-waf' of https://github.com/Prasanjeet-Microso…
adf9a93 
…ft/chat-with-your-data-solution-accelerator into infra-avm-waf
@Pavan-Microsoft
refactor: streamline managed identity and cognitive services configur…
068f2de 
…ations, enhance parameter handling
@Pavan-Microsoft
refactor: update FUNCTION_KEY naming convention, enhance cognitive se…
b5cfc09 
…rvices and storage account configurations
@Pavan-Microsoft
refactor: update allowedFqdnList parameter initialization in cognitiv…
dda47f5 
…e services Bicep file
@Pavan-Microsoft
refactor: enhance PostgreSQL flexible server Bicep file with addition…
15c7f47 
…al parameters and improved descriptions
@Harmanpreet-Microsoft
refactor: enhance DNS configuration handling in CosmosDB and Search s…
6fb94a2 
…ervices Bicep files
@Pavan-Microsoft
refactor: add disableLocalAuth parameter to Cognitive Services config…
b140d60 
…uration for enhanced authentication control
@Pavan-Microsoft
Merge branch 'infra-avm-waf' of https://github.com/Prasanjeet-Microso…
ce5c5be 
…ft/chat-with-your-data-solution-accelerator into infra-avm-waf
@Harmanpreet-Microsoft
refactor: improve DNS configuration handling in CosmosDB and Search s…
9cf319a 
…ervices Bicep files
@Pavan-Microsoft
refactor: remove defaultToOAuthAuthentication parameter from storage …
0d6392b 
…account Bicep module
@Pavan-Microsoft
refactor: add queue FQDN to allowed list for storage account in Cogni…
0dbcf5f 
…tive Services module
@Pavan-Microsoft
refactor: add Search Index Data Reader role assignments in search ser…
267f51c 
…vices module and include resource group and subscription ID in web app settings
@Prasanjeet-Microsoft
avm waf latest changes - 12th Sept
ba6ed79
@Pavan-Microsoft
refactor: update function app to use user assigned identity client ID…
c865844 
… and enhance PostgreSQL configurations
@Pavan-Microsoft
refactor: change default database type from CosmosDB to PostgreSQL
7474560
@Pavan-Microsoft
Remove unused Bicep modules related to Azure resources including Cosm…
3b0862f 
…os SQL role assignments, App Service settings, App Service plans, ACR access permissions, role assignments, custom types for private networking, and private DNS zone configurations to streamline the infrastructure codebase.
@Pavan-Microsoft
refactor: remove administrator login and password parameters from Pos…
42593e6 
…tgreSQL module to enhance security and simplify configuration
@Pavan-Microsoft
refactor: add high availability parameter to PostgreSQL flexible serv…
ff0b829 
…er configuration
@Pavan-Microsoft
refactor: remove unused principal parameters and update managed ident…
6aa5fa8 
…ity handling in scripts
@Pavan-Microsoft
refactor: streamline PostgreSQL configuration by removing unused para…
17c930f 
…meters and adding high availability support
@Prajwal-Microsoft Prajwal-Microsoft merged commit 5d561e9 into Azure-Samples:waf-avm Sep 15, 2025
1 check passed
@github-actions
Copy link

github-actions bot commented Oct 6, 2025

🎉 This PR is included in version 1.16.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Prajwal-Microsoft Prajwal-Microsoft Prajwal-Microsoft approved these changes

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Fr4nc3 Fr4nc3 Awaiting requested review from Fr4nc3 Fr4nc3 is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.