Enhance resource group naming with salt to avoid collisions and add t…

[banrahan]

fixes #8528

Mirrored PR #8488's salt approach to the resource group name:

Refactored ensureResourceTokenSalt to return its salt and added composeSaltedResourceGroupName + ensureResourceGroupName helpers that write a salted AZURE_RESOURCE_GROUP (e.g. rg-{envName}-{salt}) into the azd environment at new-project scaffold time.

The composition truncates the env name first so the 8-char salt is always preserved within Azure's 90-char RG limit, and the whole thing is best-effort/idempotent. Skipping when salt is empty or AZURE_RESOURCE_GROUP is already set, falling back cleanly to Bicep's original rg-${environmentName} default.

[Copilot]

Pull request overview

Updates the azure.ai.agents extension init flow to proactively avoid Azure Resource Group name collisions when multiple users (or multiple clones) scaffold the same template into the same subscription, by persisting and applying a random salt at project-scaffold time.

Changes:

• Refactors ensureResourceTokenSalt to return the persisted salt (or empty string on best-effort failure).
• Adds helpers to compose and persist a salted AZURE_RESOURCE_GROUP value (rg-{envName}-{salt}) while respecting Azure’s 90-char RG limit.
• Adds unit tests covering salted RG name composition and the new salt/RG persistence behaviors.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
cli/azd/extensions/azure.ai.agents/internal/cmd/init.go	Generates/persists a salt and (best-effort) writes a salted AZURE_RESOURCE_GROUP during new project scaffolding to reduce RG collisions.
cli/azd/extensions/azure.ai.agents/internal/cmd/init_test.go	Adds test coverage for salted RG name composition and env persistence behavior.

[kristenwomack]

Hey @banrahan, took a look at this. Reusing the salt pattern from #8488 keeps things consistent. Tests cover the edges: 78-char boundary, trailing dash/dot trimming, idempotence, skip-when-set, skip-when-empty-salt.

A few small things:

1. The comment on resourceGroupEnvKey is a little off (Copilot caught part of this):

   // resourceGroupEnvKey is the standard azd env var consumed by Bicep's
   // main.parameters.json (`"resourceGroupName": "${AZURE_RESOURCE_GROUP}"`).

   Two issues: the JSON shape is wrong — parameter files nest under parameters.<name>.value — and more importantly AZURE_RESOURCE_GROUP isn't just a substitution token. azd reads it directly to scope the deployment. Could you reword so the next person doesn't go looking for a parameter file? Something like "read by azd's Bicep provider to scope resource-group deployments" works.

2. Dead branch in composeSaltedResourceGroupName — the function handles salt == "" and there's a test for it, but the godoc says callers shouldn't pass an empty salt, and the only caller short-circuits before then. Either drop the branch and test, or drop the "not exercised" caveat in the comment.

3. Worth a CHANGELOG line — .env will now contain a salted RG name after init, where before it was empty (Bicep filled in the default). Anyone scripting against AZURE_RESOURCE_GROUP right after init will see something different.

Things I checked and are fine: 90-char limit math (3 + 78 + 1 + 8 = 90), the trailing . trim (Azure disallows RG names ending in .), skip-when-set preserving BYO / azd env set, and the random 8-hex salt giving ~4B combos so collisions between two users on the same sub are negligible.

Before this merges, I'd like @JeffreyCA or @vhvb1989 to give it a pass too.

Thanks for picking this up.