Merge pull request #338 from microsoft/psl-fixPrincipalTypeIssue

fix: add principalType as 'ServicePrincipal' for role assignments

Author: Prajwal-Microsoft

infra/modules/role.bicep

@@ -29,6 +29,7 @@ resource aiUserAccessFoundry 'Microsoft.Authorization/roleAssignments@2022-04-01
   properties: {
     roleDefinitionId: aiUser.id
     principalId: principalId
+    principalType: 'ServicePrincipal'
   }
 }
 
@@ -38,6 +39,7 @@ resource aiDeveloperAccessFoundry 'Microsoft.Authorization/roleAssignments@2022-
   properties: {
     roleDefinitionId: aiDeveloper.id
     principalId: principalId
+    principalType: 'ServicePrincipal'
   }
 }
 
@@ -47,5 +49,6 @@ resource cognitiveServiceOpenAIUserAccessFoundry 'Microsoft.Authorization/roleAs
   properties: {
     roleDefinitionId: cognitiveServiceOpenAIUser.id
     principalId: principalId
+    principalType: 'ServicePrincipal'
   }
 }

infra/old/deploy_ai_foundry.bicep

@@ -169,6 +169,7 @@ resource aiDevelopertoAIProject 'Microsoft.Authorization/roleAssignments@2022-04
   properties: {
     roleDefinitionId: aiDeveloper.id
     principalId: aiHubProject.identity.principalId
+    principalType: 'ServicePrincipal'
   }
 }
 

infra/old/main.bicep

@@ -680,6 +680,7 @@ module aiFoundryStorageAccount 'br/public:avm/res/storage/storage-account:0.18.2
       {
         principalId: userAssignedIdentity.outputs.principalId
         roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+        principalType: 'ServicePrincipal'
       }
     ]
   }
@@ -760,6 +761,7 @@ module aiFoundryAiProject 'br/public:avm/res/machine-learning-services/workspace
         principalId: containerApp.outputs.?systemAssignedMIPrincipalId!
         // Assigning the role with the role name instead of the role ID freezes the deployment at this point
         roleDefinitionIdOrName: '64702f94-c441-49e6-a78b-ef80e0188fee' //'Azure AI Developer'
+        principalType: 'ServicePrincipal'
       }
     ]
   }