Skip to content

feat: WAF Implementation for CKM#593

Merged
Roopan-Microsoft merged 46 commits intomainfrom
dev
Sep 18, 2025
Merged

feat: WAF Implementation for CKM#593
Roopan-Microsoft merged 46 commits intomainfrom
dev

Conversation

@Harsh-Microsoft
Copy link
Contributor

@Harsh-Microsoft Harsh-Microsoft commented Sep 18, 2025

Purpose

This pull request introduces significant improvements to the deployment configuration, parameterization, and documentation for the solution accelerator. The primary focus is on aligning with Azure Well-Architected Framework (WAF) best practices, enhancing environment flexibility, and updating image tag conventions. Key changes include the addition of a WAF-aligned deployment option, restructuring of deployment parameters, and new infrastructure modules for better resource management.

Deployment and Parameterization Enhancements:

  • Added a new infra/main.waf.parameters.json file to enable WAF-aligned, production-ready deployments with enhanced security, monitoring, scalability, and private networking. This allows users to choose between a default sandbox environment and a WAF-aligned configuration. [1] [2]
  • Refactored infra/main.parameters.json to improve parameter naming, add support for separate backend/frontend image tags, and align with new environment variable conventions (e.g., solutionName, azureAiServiceLocation, gptModelDeploymentType, etc.). [1] [2]
  • Updated GitHub Actions workflows (.github/workflows/deploy-KMGeneric.yml, .github/workflows/docker-build.yml) to use the new latest_waf image tag convention and updated parameter names for deployments. [1] [2]

Infrastructure Modules:

  • Added a new Bicep module infra/modules/deploy_aifp_aisearch_connection.bicep for establishing connections between Azure AI Foundry Projects and Azure Cognitive Search resources, supporting improved integration and automation.
  • Introduced infra/modules/keyVaultExport.bicep to automate exporting and referencing secrets in Azure Key Vault, improving security and manageability of sensitive data.

Documentation Updates:

  • Expanded deployment documentation (documents/DeploymentGuide.md, documents/CustomizingAzdParameters.md) to explain the new WAF-aligned deployment option, updated default image tag to latest_waf, and clarified parameter usage for both sandbox and production scenarios. [1] [2] [3]

These changes collectively make the deployment process more robust, secure, and adaptable for different environments, while also improving clarity and maintainability.

References: [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Rafi-Microsoft and others added 30 commits August 22, 2025 21:45
@Rafi-Microsoft
working code v1
27c8d12
@Rafi-Microsoft
working code v2
32f19dc
@Rafi-Microsoft
till appservice
149c12e
@Rafi-Microsoft
till backend app service
d747bd2
@Rafi-Microsoft
till validation start
732ac78
@Rafi-Microsoft
till search service
fc06b46
@Rafi-Microsoft
till deployment scripts
0d5c3f7
@Rafi-Microsoft
updated ai search service name issue
388015a
@Abdul-Microsoft
refactor: rename web app module and update container image configuration
7acf094
@Rafi-Microsoft
updated frontend and backend appservices
f612ea6
@Abdul-Microsoft
adding test code
f6cc5c6
@Abdul-Microsoft
testig code
f98d859
@Abdul-Microsoft
feat: add secrets for Azure Cosmos DB and OpenAI configurations in Ke…
85395e4 
…y Vault
@Rafi-Microsoft
added roles for search service
06e7854
@Abdul-Microsoft
fix: update OpenAI endpoint and add SQL database parameters in Key Va…
c101e76 
…ult configuration
@Rafi-Microsoft
test script back to riginal
e504d9a
@Abdul-Microsoft
fix: update Azure OpenAI endpoint and AI agent endpoint configurations
edbf43d
@Rafi-Microsoft
non waf working code
17d1490
@Rafi-Microsoft
working waf
69f41f0
@Pavan-Microsoft
Remove SecurityControl tag from properties
e84003e
@Rafi-Microsoft
removed commented code
f25b31f
@Rafi-Microsoft
added exp
9cb34fb
@Rafi-Microsoft
updated main.bicep
7341068
@Rafi-Microsoft
added waf parameters.json
e6d6904
@Rafi-Microsoft
added manual scripts
f90bb51
@Rafi-Microsoft
updated waf params
b4ceccc
@Rafi-Microsoft
updated Readme
625a506
@Abdul-Microsoft
Refactor SQL database module configuration: streamline parameters, ad…
2d27480 
…just SKU settings, and remove sql elastic pool
@Abdul-Microsoft
Fix parameter reference for Log Analytics Workspace ID and update AI …
dbc641c 
…project resource ID in configuration files
@Rafi-Microsoft
added private endpoint to content understanding
0700e78
Abdul-Microsoft and others added 13 commits September 11, 2025 18:33
@Abdul-Microsoft
created subnet for deployment script
b5aa3fd
@Abdul-Microsoft
deployscript testing code
80a1221
@Abdul-Microsoft
Enhance Bicep templates and Python scripts: add private endpoint conf…
2181dfd 
…igurations for DFS and streamline deployment script parameters
@Prajwal-Microsoft
fix: Allowed Azure services to connect to foundry
3a94555
@Abdul-Microsoft
refactor the bicep files
542140d
@Abdul-Microsoft
Merge remote-tracking branch 'origin/dev' into psl-wafstandardization
9a38b71
@Abdul-Microsoft
resolved pylint issues
0e0bb80
@Abdul-Microsoft
fix: Correct indentation and variable naming for key vault in main.bicep
b6d8d60
@Abdul-Microsoft
fix: Enhance chart response handling to manage empty or undefined ans…
9945264 
…wers
@Prajwal-Microsoft
Merge pull request #591 from microsoft/psl-wafstandardization
b6463fa 
feat: Merging the AVM WAF changes into dev
@Harsh-Microsoft
fix: Update image tags to use 'latest_waf' for backend and frontend d…
76ffab9 
…eployments
@Harsh-Microsoft
rebuild main.json
14d72ee
@Prajwal-Microsoft
Merge pull request #592 from microsoft/hb-waf-tag-update
0185648 
ci: update image tag to latest_waf
@Roopan-Microsoft Roopan-Microsoft merged commit 599e4f6 into main Sep 18, 2025
10 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Sep 18, 2025

🎉 This PR is included in version 3.14.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Roopan-Microsoft Roopan-Microsoft Roopan-Microsoft approved these changes

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

@brittneek brittneek Awaiting requested review from brittneek brittneek is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Harsh-Microsoft @Roopan-Microsoft @Rafi-Microsoft @Abdul-Microsoft @Pavan-Microsoft @Prajwal-Microsoft