Skip to content

chore: Add tags in resource group when deployment is in pre-provision state #156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
NirajC-Microsoft wants to merge 2 commits into from
Closed

chore: Add tags in resource group when deployment is in pre-provision state #156

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8643a4e
Add tags in resource group when deployment is in pre-provision state
NirajC-Microsoft May 15, 2026
d8eb3c8
Resolve Copilot comment
NirajC-Microsoft May 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions infra/main.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,10 +218,12 @@ resource resourceGroupTags 'Microsoft.Resources/tags@2025-04-01' = {
tags: union(
deploymentTags,
{
'azd-env-name': environmentName
TemplateName: 'Deploy Your AI Application in Prod'
Type: networkIsolation ? 'WAF' : 'Non-WAF'
CreatedBy: createdBy
DeploymentName: deployment().name
Location: location
}
)
}
Expand Down
51 changes: 51 additions & 0 deletions scripts/preprovision-integrated.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,57 @@ if ([string]::IsNullOrWhiteSpace($Location) -or [string]::IsNullOrWhiteSpace($Re
exit 1
}

# ========================================
# [0] Pre-create resource group with tags
# ========================================
Write-Host "[0] Ensuring resource group exists with tags..." -ForegroundColor Cyan

# Determine CreatedBy (matches Bicep logic: UPN prefix or objectId)
$createdBy = $null
try {
$upn = (& az ad signed-in-user show --query userPrincipalName -o tsv 2>$null)
if (-not [string]::IsNullOrWhiteSpace($upn)) {
$createdBy = $upn.Split('@')[0]
}
} catch { }
if ([string]::IsNullOrWhiteSpace($createdBy)) {
try {
$createdBy = (& az ad signed-in-user show --query id -o tsv 2>$null)
} catch { }
}
if ([string]::IsNullOrWhiteSpace($createdBy)) {
$createdBy = $env:USERNAME
Comment thread
NirajC-Microsoft marked this conversation as resolved.
}

# Type tag based on networkIsolation setting
$networkIsolationValue = $env:NETWORK_ISOLATION
Comment thread
NirajC-Microsoft marked this conversation as resolved.
$typeTag = if ($networkIsolationValue -eq 'true') { 'WAF' } else { 'Non-WAF' }

$rgTags = @(
"TemplateName=Deploy Your AI Application in Prod"
"Type=$typeTag"
"CreatedBy=$createdBy"
"Location=$($env:AZURE_LOCATION)"
Comment thread
NirajC-Microsoft marked this conversation as resolved.
)

$rgExists = (& az group exists --name $ResourceGroup --subscription $SubscriptionId 2>$null)
if ($rgExists -eq 'true') {
# RG exists — merge tags without removing existing ones
& az tag update `
--resource-id "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" `
--operation Merge `
--tags @rgTags `
--only-show-errors | Out-Null
Comment thread
NirajC-Microsoft marked this conversation as resolved.
}

if ($LASTEXITCODE -ne 0) {
Write-Host "[X] Failed to create/update resource group '$ResourceGroup' with tags." -ForegroundColor Red
exit 1
}

Write-Host " [+] Resource group '$ResourceGroup' ready with tags" -ForegroundColor Green
Write-Host ""

# Navigate to AI Landing Zone submodule
$aiLandingZonePath = Join-Path $PSScriptRoot ".." "submodules" "ai-landing-zone"

Expand Down
45 changes: 45 additions & 0 deletions scripts/preprovision-integrated.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,51 @@ if [ -z "${AZURE_LOCATION}" ] || [ -z "${AZURE_RESOURCE_GROUP}" ] || [ -z "${AZU
exit 1
fi

# ========================================
# [0] Pre-create resource group with tags
# ========================================
echo "[0] Ensuring resource group exists with tags..."

# Determine CreatedBy (matches Bicep logic: UPN prefix or objectId)
CREATED_BY=""
CREATED_BY="$(az ad signed-in-user show --query userPrincipalName -o tsv 2>/dev/null | cut -d@ -f1 || true)"
if [ -z "$CREATED_BY" ]; then
CREATED_BY="$(az ad signed-in-user show --query id -o tsv 2>/dev/null || true)"
fi
if [ -z "$CREATED_BY" ]; then
CREATED_BY="${USER:-unknown}"
fi
Comment thread
NirajC-Microsoft marked this conversation as resolved.

# Type tag based on networkIsolation setting
NETWORK_ISOLATION_VALUE="${NETWORK_ISOLATION:-false}"
if [ "$NETWORK_ISOLATION_VALUE" = "true" ]; then
TYPE_TAG="WAF"
else
TYPE_TAG="Non-WAF"
fi

RG_EXISTS="$(az group exists --name "$AZURE_RESOURCE_GROUP" --subscription "$AZURE_SUBSCRIPTION_ID" 2>/dev/null || echo 'false')"
if [ "$RG_EXISTS" = "true" ]; then
# RG exists — merge tags without removing existing ones
az tag update \
--resource-id "/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$AZURE_RESOURCE_GROUP" \
--operation Merge \
--tags \
"TemplateName=Deploy Your AI Application in Prod" \
"Type=$TYPE_TAG" \
"CreatedBy=$CREATED_BY" \
"Location=$AZURE_LOCATION" \
--only-show-errors > /dev/null
fi

if [ $? -ne 0 ]; then
echo "[X] Failed to update resource group '$AZURE_RESOURCE_GROUP' with tags."
exit 1
fi

echo " [+] Resource group '$AZURE_RESOURCE_GROUP' ready with tags"
echo ""

# Check if submodule exists
AI_LANDING_ZONE_PATH="$REPO_ROOT/submodules/ai-landing-zone/bicep"

Expand Down
Loading