role

Author: seligj95

infra/main.bicep

@@ -179,22 +179,12 @@ resource appService 'Microsoft.Web/sites@2023-12-01' = {
   }
 }
 
-// Grant App Service access to Azure AI Foundry
-resource appServiceAIFoundryRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(subscription().id, appService.id, aiFoundryResource.id, 'CognitiveServicesOpenAIUser')
+// Grant App Service Azure AI Project Manager role on AI Foundry resource (includes dataActions for Microsoft.CognitiveServices/*)
+resource appServiceAIProjectManagerRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, appService.id, aiFoundryResource.id, 'Azure AI Project Manager')
   scope: aiFoundryResource
   properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd') // Cognitive Services OpenAI User
-    principalId: appService.identity.principalId
-    principalType: 'ServicePrincipal'
-  }
-}
-
-// Grant App Service Azure AI Developer role (required for Agents)
-resource appServiceAIDeveloperRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(subscription().id, appService.id, 'AzureAIDeveloper')
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee') // Azure AI Developer
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eadc314b-1a2d-4efa-be10-5d325db5065e') // Azure AI Project Manager
     principalId: appService.identity.principalId
     principalType: 'ServicePrincipal'
   }

main.py

@@ -41,23 +41,25 @@
 def get_azure_ai_project_endpoint():
     """Get Azure AI Project endpoint from environment variables"""
     azure_ai_endpoint = os.getenv('AZURE_AI_PROJECT_ENDPOINT')
+    azure_ai_project_name = os.getenv('AZURE_AI_PROJECT_NAME')
+    
     if not azure_ai_endpoint:
         raise ValueError("AZURE_AI_PROJECT_ENDPOINT environment variable is required")
+    if not azure_ai_project_name:
+        raise ValueError("AZURE_AI_PROJECT_NAME environment variable is required")
 
-    # Azure AI Foundry endpoint should be a direct URL
-    if azure_ai_endpoint.startswith('https://'):
-        return azure_ai_endpoint
+    # Extract the AI Foundry resource name from the endpoint
+    # Format: https://az-tda-foundry-wgznky2irncfe.cognitiveservices.azure.com/
+    if azure_ai_endpoint.startswith('https://') and 'cognitiveservices.azure.com' in azure_ai_endpoint:
+        # Extract resource name from URL
+        resource_name = azure_ai_endpoint.replace('https://', '').replace('.cognitiveservices.azure.com/', '').replace('.cognitiveservices.azure.com', '')
+        # Format for Azure AI Agents: https://<resource-name>.services.ai.azure.com/api/projects/<project-name>
+        agents_endpoint = f"https://{resource_name}.services.ai.azure.com/api/projects/{azure_ai_project_name}"
+        return agents_endpoint
 
-    # Handle legacy Azure ML format if still present
-    if ';' in azure_ai_endpoint:
-        # Format: "westus.api.azureml.ms;subscription;resourcegroup;projectname"
-        parts = azure_ai_endpoint.split(';')
-        if len(parts) >= 4:
-            # Extract region from "westus.api.azureml.ms"
-            region = parts[0].split('.')[0]
-            project_name = parts[3]
-            return (f"https://{region}.api.azureml.ms/api/projects/"
-                    f"{project_name}")
+    # If already in correct format, return as-is
+    if '/api/projects/' in azure_ai_endpoint:
+        return azure_ai_endpoint
 
     raise ValueError(f"Invalid AZURE_AI_PROJECT_ENDPOINT format: {azure_ai_endpoint}")