feat: replace role name with GUID#660
Draft
Ayaz-Microsoft wants to merge 2 commits into
Draft
Conversation
Ayaz-Microsoft
requested review from
Avijit-Microsoft,
Dongbumlee,
Roopan-Microsoft,
aniaroramsft,
dgp10801,
nchandhi and
toherman-msft
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This PR primarily hardens Azure RBAC role assignments in the infrastructure templates by replacing built-in role names with their corresponding role definition GUIDs, improving deployment reliability across regions/subscriptions. It also updates the quota-check defaults/documentation to use a newer OpenAI model and higher default capacity.
Changes:
- Replace Azure built-in role names with role definition GUIDs in
infra/main.bicep(and the generatedinfra/main.json). - Update quota-check documentation and the Bash quota-check script default model/capacity to
gpt4.1-mini:150.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| infra/main.bicep | Swaps RBAC role names for role GUIDs in role assignments (with inline comments preserving readability). |
| infra/main.json | Regenerated ARM JSON reflecting the GUID-based role assignments (plus updated template hash). |
| docs/QuotaCheck.md | Updates default model references/commands for quota validation. |
| Deployment/quota_check_params.sh | Changes default model/capacity pair used for quota checks. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Ayaz-Microsoft
temporarily deployed
to
production
GitHub Actions
Inactive
Ayaz-Microsoft
temporarily deployed
to
production
GitHub Actions
Inactive
Ayaz-Microsoft
temporarily deployed
to
production
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
This PR replaces role name string with respective GUIDs.
Currently, the Bicep infrastructure templates use role names (strings) for Azure built-in role assignments. This approach can be unreliable due to:
Role name variations across regions
Potential future role name changes
Subscription-specific role name issues (especially with PSL subscriptions)
To ensure consistent and reliable deployments across all Azure subscriptions and regions, I replace role names with their corresponding GUIDs.
Does this introduce a breaking change?
Golden Path Validation
Deployment Validation
What to Check
Verify that the following are valid
Other Information