Skip to content

fix: Enhance local development setup and fix RBAC issues#141

Open
Harmanpreet-Microsoft wants to merge 4 commits intomicrosoft:devfrom
Harmanpreet-Microsoft:dev
Open

fix: Enhance local development setup and fix RBAC issues#141
Harmanpreet-Microsoft wants to merge 4 commits intomicrosoft:devfrom
Harmanpreet-Microsoft:dev

Conversation

@Harmanpreet-Microsoft
Copy link
Copy Markdown
Contributor

@Harmanpreet-Microsoft Harmanpreet-Microsoft commented Apr 24, 2026

Purpose

This pull request enhances the robustness and usability of the OneLake Index RBAC setup scripts and introduces a new script to validate local development prerequisites. The main improvements focus on reliably resolving and using Fabric workspace IDs (especially for BYO scenarios), improving error handling and logging, and providing a comprehensive pre-deployment validation tool.

Key changes include:

Fabric Workspace RBAC Handling Improvements:

  • The RBAC setup logic in 01_setup_rbac.ps1 now prefers the actual Fabric workspace ID (FABRIC_WORKSPACE_ID) over the display name, making role assignments more reliable and less prone to issues in BYO (Bring Your Own) workspace scenarios. The script now attempts to resolve the workspace ID from multiple sources before falling back to the display name. [1] [2]
  • The setup_ai_services_rbac.ps1 script now accepts an optional FabricWorkspaceId parameter. If provided, it uses this ID directly for role assignments, bypassing the previous fragile lookup by display name. This change also enhances logging to clarify which identifier is being used. [1] [2] [3] [4] [5] [6] [7]
  • The RBAC setup invocation and error messages in 01_setup_rbac.ps1 have been updated to include the workspace ID when available, improving transparency and troubleshooting. [1] [2]

Development Experience Enhancements:

  • Added a new script validate-prerequisites.ps1 that checks for required tools, repository state, Azure authentication, environment configuration, and feature readiness before deployment. This script helps developers catch common setup issues early, improving deployment reliability and onboarding experience.

These changes collectively make the deployment process more robust, especially in complex or BYO environments, and provide better guidance and diagnostics for developers.

  • ...

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Harmanpreet-Microsoft and others added 4 commits April 20, 2026 12:54
@Harmanpreet-Microsoft
Validate and fix local development setup
29fea10 
- Add scripts/validate-prerequisites.ps1 to check tool versions, git
  submodules, Azure auth, azd environment config, subscription alignment,
  and Fabric/Purview feature readiness before deployment
- Add .env.example as a documented reference of all environment variables
  used by azd and infra/main.bicepparam (not auto-loaded by azd)
- Add docs/local_development.md with step-by-step local setup guide,
  deployment instructions, troubleshooting, and recommended first-run config
- Update .devcontainer/devcontainer.json with postCreateCommand to
  auto-init submodules and run prerequisite validation on container creation
- Update README.md to reference the new local development guide

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Harmanpreet-Microsoft
Merge branch 'dev' of https://github.com/microsoft/Deploy-Your-AI-App…
2c67390 
…lication-In-Production into dev
@Harmanpreet-Microsoft
fix: use workspace ID for Fabric RBAC in BYO mode
f4db7ca 
The RBAC script resolved workspace name from desiredFabricWorkspaceName
before FABRIC_WORKSPACE_NAME. In BYO mode these differ, causing the
Fabric API lookup to fail silently and skip the Contributor role grant.
The OneLake indexer then fails with 'access to the workspace was denied'.

Changes:
- 01_setup_rbac.ps1: Prefer FABRIC_WORKSPACE_NAME over
  desiredFabricWorkspaceName. Resolve FABRIC_WORKSPACE_ID and pass it.
- setup_ai_services_rbac.ps1: Accept -FabricWorkspaceId parameter.
  Use it directly for role assignment, skip displayName lookup.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Harmanpreet-Microsoft
revert: restore devcontainer.json, .env.example, README.md, local_dev…
e369970 
…elopment.md to origin/dev state

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@dgp10801 dgp10801 Awaiting requested review from dgp10801 dgp10801 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Harmanpreet-Microsoft