fix(t15): gate explicit account capability host behind opt-in flag #759

Closed
vtrika wants to merge 1 commit into microsoft-foundry:main from vtrika:vtrika/backport-pr438-fix-t15-caphost

vtrika commented Jun 5, 2026

Template 15 (private-network-standard-agent-setup) was unconditionally
provisioning the account-level capability host twice:

1. Implicitly, server-side: when the account is created with
   networkInjections.scenario='agent', the platform auto-provisions a
   capability host named '<account>@aml_aiagentservice'.
2. Explicitly: add-account-capability-host.bicep then PUT a second caphost
   ('caphostacct') against the same account.

Only one capability host per account is allowed. The second PUT is rejected
by agent-management, ARM keeps polling, and the deployment fails after the
1h resource-provisioning timeout.

This change makes the explicit caphost opt-in via a new boolean parameter
'createAccountCapabilityHost' (default false). The module is preserved for
two legitimate scenarios:

- BYO existing account that has no capability host yet (original use case
  of the module added in microsoft-foundry#261).
- Recovery: after running deleteCapHost.sh, redeploy with the flag set to
  recreate the capability host declaratively.

When the flag is true, the module defaults the resource name to
'<accountName>@aml_aiagentservice' so the caphost matches the platform
convention regardless of how it was created.

createCapHost.sh is removed: a user-named curl script that PUTs an account
caphost competes with the implicit one in the default path and is fully
superseded by the new flag.

Changes:
- main.bicep: add 'createAccountCapabilityHost' bool (default false);
  conditionally invoke add-account-capability-host; keep it in the project
  caphost's dependsOn (no-op when condition is false).
- modules-network-secured/add-account-capability-host.bicep: restored;
  default 'accountCapHost' is now '${accountName}@aml_aiagentservice'.
- createCapHost.sh: deleted (replaced by the flag).
- README.md: document the flag, the BYO/recovery scenarios, the platform
  convention for the implicit caphost name; fix deleteCaphost.sh casing;
  update module-structure listing.
- azuredeploy.json: regenerated via 'az bicep build'.

Model: Claude Opus 4.7
Authored-by: vtrika
(cherry picked from commit 9f40464f68b4f47bc60a64fe44c67808d09ebf14)
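
A pre-deployment check for the failure described in this pull request, as an added example that is not code from the PR or the repository: it walks a compiled ARM template and reports account-level capability hosts that are created unconditionally while the account is created with networkInjections scenario 'agent'. The function names, the sample template, the resource type strings and the assumption that the scenario appears as a literal under `properties.networkInjections` are illustrative.

```python
import json

# Assumed ARM resource type strings; the second matches account-level hosts only,
# not project-level capability hosts.
ACCOUNT = "Microsoft.CognitiveServices/accounts"
CAPHOST = "Microsoft.CognitiveServices/accounts/capabilityHosts"

def _walk(template, gated=False):
    """Yield (resource, gated) pairs, descending into nested deployments."""
    res = template.get("resources", [])
    # 'resources' is a list, or a dict in languageVersion 2.0 templates.
    for r in (res.values() if isinstance(res, dict) else res):
        g = gated or "condition" in r
        yield r, g
        if r.get("type") == "Microsoft.Resources/deployments":
            yield from _walk(r.get("properties", {}).get("template", {}), g)

def _agent_injected(account):
    inj = account.get("properties", {}).get("networkInjections") or []
    inj = [inj] if isinstance(inj, dict) else inj
    return any(isinstance(i, dict) and i.get("scenario") == "agent" for i in inj)

def ungated_account_caphosts(template):
    """Names of unconditional account caphosts in a template whose account is
    created with scenario 'agent' (the platform then provisions one implicitly)."""
    found = list(_walk(template))
    if not any(r.get("type") == ACCOUNT and _agent_injected(r) for r, _ in found):
        return []
    return [r.get("name") for r, g in found if r.get("type") == CAPHOST and not g]

def _template(module_condition=None):
    # Constructed sample, not the repository's azuredeploy.json.
    module = {"type": "Microsoft.Resources/deployments", "name": "caphost-module",
              "properties": {"template": {"resources": [
                  {"type": CAPHOST, "name": "acct/caphostacct"}]}}}
    if module_condition:
        module["condition"] = module_condition
    account = {"type": ACCOUNT, "name": "acct",
               "properties": {"networkInjections": [{"scenario": "agent"}]}}
    return {"resources": [account, module]}

BEFORE = _template()  # module always invoked
AFTER = _template("[parameters('createAccountCapabilityHost')]")  # module gated

if __name__ == "__main__":
    print(json.dumps({"before": ungated_account_caphosts(BEFORE),
                      "after": ungated_account_caphosts(AFTER)}))
```

The check is static: it flags only the default path and cannot tell whether a gated module will collide with an existing capability host when the flag is set to true.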

github-actions Bot commented Jun 5, 2026

👋 Thanks for your interest in contributing, @vtrika!

This repository does not accept pull requests directly. If you'd like to report a bug, suggest an improvement, or propose a new sample, please open an issue instead.

If you are a Microsoft-internal contributor, please submit your PR through foundry-samples-pr instead.

See CONTRIBUTING.md for more details.

github-actions Bot closed this Jun 5, 2026