@@ -26,6 +26,72 @@ $aiSearchIndexForContractSummary = ""
2626$aiSearchIndexForContractRisk = " "
2727$aiSearchIndexForContractCompliance = " "
2828$azSubscriptionId = " "
29+ $stIsPublicAccessDisabled = $false
30+ $srchIsPublicAccessDisabled = $false
31+
32+ # Cleanup function to restore network access
33+ function Restore-NetworkAccess {
34+ if ($script :ResourceGroup -and $script :storageAccount -and $script :aiSearch ) {
35+ # Check resource group tag
36+ $rgTypeTag = (az group show -- name $script :ResourceGroup -- query " tags.Type" - o tsv 2> $null )
37+
38+ if ($rgTypeTag -eq " WAF" ) {
39+ if ($script :stIsPublicAccessDisabled -eq $true -or $script :srchIsPublicAccessDisabled -eq $true ) {
40+ Write-Host " === Restoring network access settings ==="
41+ }
42+
43+ if ($script :stIsPublicAccessDisabled -eq $true ) {
44+ $currentAccess = $ (az storage account show -- name $script :storageAccount -- resource- group $script :ResourceGroup -- query " publicNetworkAccess" - o tsv 2> $null )
45+ if ($currentAccess -eq " Enabled" ) {
46+ Write-Host " Disabling public access for Storage Account: $ ( $script :storageAccount ) "
47+ az storage account update -- name $script :storageAccount -- public- network- access disabled -- default- action Deny -- output none 2> $null
48+ Write-Host " ✓ Storage Account public access disabled"
49+ } else {
50+ Write-Host " ✓ Storage Account access unchanged (already at desired state)"
51+ }
52+ } else {
53+ if ($script :ResourceGroup ) {
54+ $checkTag = (az group show -- name $script :ResourceGroup -- query " tags.Type" - o tsv 2> $null )
55+ if ($checkTag -eq " WAF" ) {
56+ if ($script :stIsPublicAccessDisabled -eq $false -and $script :srchIsPublicAccessDisabled -eq $false ) {
57+ Write-Host " === Restoring network access settings ==="
58+ }
59+ Write-Host " ✓ Storage Account access unchanged (already at desired state)"
60+ }
61+ }
62+ }
63+
64+ if ($script :srchIsPublicAccessDisabled -eq $true ) {
65+ $currentAccess = $ (az search service show -- name $script :aiSearch -- resource- group $script :ResourceGroup -- query " publicNetworkAccess" - o tsv 2> $null )
66+ if ($currentAccess -eq " Enabled" ) {
67+ Write-Host " Disabling public access for AI Search Service: $ ( $script :aiSearch ) "
68+ az search service update -- name $script :aiSearch -- resource- group $script :ResourceGroup -- public- network- access disabled -- output none 2> $null
69+ Write-Host " ✓ AI Search Service public access disabled"
70+ } else {
71+ Write-Host " ✓ AI Search Service access unchanged (already at desired state)"
72+ }
73+ } else {
74+ if ($script :ResourceGroup ) {
75+ $checkTag = (az group show -- name $script :ResourceGroup -- query " tags.Type" - o tsv 2> $null )
76+ if ($checkTag -eq " WAF" ) {
77+ Write-Host " ✓ AI Search Service access unchanged (already at desired state)"
78+ }
79+ }
80+ }
81+
82+ if ($script :stIsPublicAccessDisabled -eq $true -or $script :srchIsPublicAccessDisabled -eq $true ) {
83+ Write-Host " =========================================="
84+ } else {
85+ if ($script :ResourceGroup ) {
86+ $checkTag = (az group show -- name $script :ResourceGroup -- query " tags.Type" - o tsv 2> $null )
87+ if ($checkTag -eq " WAF" ) {
88+ Write-Host " =========================================="
89+ }
90+ }
91+ }
92+ }
93+ }
94+ }
2995
3096function Test-AzdInstalled {
3197 try {
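Review bot: Restore-NetworkAccess can leave the storage account or search service publicly reachable while printing a success line. Both `az ... update` calls discard stderr with `2> $null` and are followed by an unconditional "public access disabled" message with no `$LASTEXITCODE` check, whereas the inline cleanup this commit removes did check it and exited 1. The same fail-open applies earlier in the function: if `az group show` or the `publicNetworkAccess` query returns nothing, the `-eq` tests are false and the restore is skipped or reported as "already at desired state". Since the `$script:stIsPublicAccessDisabled` / `$script:srchIsPublicAccessDisabled` flags already record that this run opened access, I would key the restore on the flags alone, add `if ($LASTEXITCODE -ne 0) { Write-Host "Error: Failed to disable public access for storage account."; $restoreFailed = $true }` after each update, and have the caller exit non-zero. The extra `az group show` lookups in the `else` branches appear to sit inside the outer WAF-tag branch and look redundant.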
@@ -148,6 +214,8 @@ function Get-ValuesFromAzDeployment {
148214 return $true
149215}
150216
217+ # Main script execution with cleanup handling
218+ try {
151219# Authenticate with Azure
152220try {
153221 $null = az account show 2> $null
@@ -425,32 +493,90 @@ $srchIsPublicAccessDisabled = $false
425493# Enable public access for resources
426494if ($useCaseSelection -eq " 1" -or $useCaseSelection -eq " 2" -or $useCaseSelection -eq " 5" -or $useCaseSelection -eq " all" -or $useCaseSelection -eq " 6" ){
427495 if ($ResourceGroup ) {
428- $stPublicAccess = $ (az storage account show -- name $storageAccount -- resource- group $ResourceGroup -- query " publicNetworkAccess" - o tsv)
429- if ($stPublicAccess -eq " Disabled" ) {
430- $stIsPublicAccessDisabled = $true
431- Write-Host " Enabling public access for storage account: $storageAccount "
432- az storage account update -- name $storageAccount -- public- network- access enabled -- default- action Allow -- output none
433- if ($LASTEXITCODE -ne 0 ) {
434- Write-Host " Error: Failed to enable public access for storage account."
435- exit 1
496+ # Check if resource group has Type=WAF tag
497+ $rgTypeTag = (az group show -- name $ResourceGroup -- query " tags.Type" - o tsv 2> $null )
498+
499+ if ($rgTypeTag -eq " WAF" ) {
500+ Write-Host " "
501+ Write-Host " === Temporarily enabling public network access for services ==="
502+ $stPublicAccess = $ (az storage account show -- name $storageAccount -- resource- group $ResourceGroup -- query " publicNetworkAccess" - o tsv)
503+ if ($stPublicAccess -eq " Disabled" ) {
504+ $stIsPublicAccessDisabled = $true
505+ Write-Host " Enabling public access for Storage Account: $storageAccount "
506+ az storage account update -- name $storageAccount -- public- network- access enabled -- default- action Allow -- output none
507+ if ($LASTEXITCODE -ne 0 ) {
508+ Write-Host " Error: Failed to enable public access for storage account."
509+ exit 1
510+ }
511+
512+ # Wait 30 seconds for the change to propagate
513+ Write-Host " Waiting 30 seconds for public access to be enabled..."
514+ Start-Sleep - Seconds 30
515+
516+ # Verify public access is enabled in a loop
517+ Write-Host " Verifying public access is enabled..."
518+ $maxRetries = 10
519+ $retryCount = 0
520+ while ($retryCount -lt $maxRetries ) {
521+ $currentAccess = $ (az storage account show -- name $storageAccount -- resource- group $ResourceGroup -- query " publicNetworkAccess" - o tsv)
522+ if ($currentAccess -eq " Enabled" ) {
523+ Write-Host " ✓ Storage Account public access enabled successfully"
524+ break
525+ } else {
526+ Write-Host " Public access not yet enabled (attempt $ ( $retryCount + 1 ) /$maxRetries ). Waiting 5 seconds..."
527+ Start-Sleep - Seconds 5
528+ $retryCount ++
529+ }
530+ }
531+
532+ if ($retryCount -eq $maxRetries ) {
533+ Write-Host " Warning: Public access verification timed out for storage account."
534+ }
535+ } else {
536+ Write-Host " ✓ Storage Account public access already enabled"
436537 }
437538 }
438- else {
439- Write-Host " Public access is already enabled for storage account: $storageAccount "
440- }
441539
442- $srchPublicAccess = $ (az search service show -- name $aiSearch -- resource- group $ResourceGroup -- query " publicNetworkAccess" - o tsv)
443- if ($srchPublicAccess -eq " Disabled" ) {
444- $srchIsPublicAccessDisabled = $true
445- Write-Host " Enabling public access for search service: $aiSearch "
446- az search service update -- name $aiSearch -- resource- group $ResourceGroup -- public- network- access enabled -- output none
447- if ($LASTEXITCODE -ne 0 ) {
448- Write-Host " Error: Failed to enable public access for search service."
449- exit 1
540+ if ($rgTypeTag -eq " WAF" ) {
541+ $srchPublicAccess = $ (az search service show -- name $aiSearch -- resource- group $ResourceGroup -- query " publicNetworkAccess" - o tsv)
542+ if ($srchPublicAccess -eq " Disabled" ) {
543+ $srchIsPublicAccessDisabled = $true
544+ Write-Host " Enabling public access for AI Search Service: $aiSearch "
545+ az search service update -- name $aiSearch -- resource- group $ResourceGroup -- public- network- access enabled -- output none
546+ if ($LASTEXITCODE -ne 0 ) {
547+ Write-Host " Error: Failed to enable public access for search service."
548+ exit 1
549+ }
550+ Write-Host " Public access enabled"
551+
552+ # Wait 30 seconds for the change to propagate
553+ Write-Host " Waiting 30 seconds for public access to be enabled..."
554+ Start-Sleep - Seconds 30
555+
556+ # Verify public access is enabled in a loop
557+ Write-Host " Verifying public access is enabled..."
558+ $maxRetries = 10
559+ $retryCount = 0
560+ while ($retryCount -lt $maxRetries ) {
561+ $currentAccess = $ (az search service show -- name $aiSearch -- resource- group $ResourceGroup -- query " publicNetworkAccess" - o tsv)
562+ if ($currentAccess -eq " Enabled" ) {
563+ Write-Host " ✓ AI Search Service public access enabled successfully"
564+ break
565+ } else {
566+ Write-Host " Public access not yet enabled (attempt $ ( $retryCount + 1 ) /$maxRetries ). Waiting 5 seconds..."
567+ Start-Sleep - Seconds 5
568+ $retryCount ++
569+ }
570+ }
571+
572+ if ($retryCount -eq $maxRetries ) {
573+ Write-Host " Warning: Public access verification timed out for search service."
574+ }
575+ } else {
576+ Write-Host " ✓ AI Search Service public access already enabled"
450577 }
451- }
452- else {
453- Write-Host " Public access is already enabled for search service: $AiSearch "
578+ Write-Host " ==========================================================="
579+ Write-Host " "
454580 }
455581 }
456582}
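Review bot: The storage account is opened with `--public-network-access enabled --default-action Allow`, which admits any source address for the 30-second wait plus the whole data-processing run, not only the machine running this script. A narrower option is to enable public network access but keep `--default-action Deny` and add a temporary rule for the caller, e.g. `az storage account network-rule add --account-name $storageAccount --resource-group $ResourceGroup --ip-address <runner-ip>`, removing it again in the cleanup. Whether the later indexing steps work through an IP rule is not visible in this hunk, so that needs confirming. Separately, when either verification loop times out the code only prints a warning and continues, so the following steps run against a resource whose network state is unknown.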
@@ -661,26 +787,6 @@ if($useCaseSelection -eq "2" -or $useCaseSelection -eq "all" -or $useCaseSelecti
661787 Write-Host " Python script to index data for Retail Customer Satisfaction successfully executed."
662788}
663789
664-
665- # disable public access for resources
666- if ($stIsPublicAccessDisabled ) {
667- Write-Host " Disabling public access for storage account: $StorageAccount "
668- az storage account update -- name $StorageAccount -- public- network- access disabled -- default- action Deny -- output none
669- if ($LASTEXITCODE -ne 0 ) {
670- Write-Host " Error: Failed to disable public access for storage account."
671- exit 1
672- }
673- }
674-
675- if ($srchIsPublicAccessDisabled ) {
676- Write-Host " Disabling public access for search service: $AiSearch "
677- az search service update -- name $AiSearch -- resource- group $ResourceGroup -- public- network- access disabled -- output none
678- if ($LASTEXITCODE -ne 0 ) {
679- Write-Host " Error: Failed to disable public access for search service."
680- exit 1
681- }
682- }
683-
684790Write-Host " Script executed successfully. Sample Data Processed Successfully."
685791
686792if ($isTeamConfigFailed -or $isSampleDataFailed ) {
@@ -694,3 +800,9 @@ if ($isTeamConfigFailed -or $isSampleDataFailed) {
694800 }
695801
696802}
803+
804+ } finally {
805+ # Cleanup: Restore network access
806+ Write-Host " Performing cleanup..."
807+ Restore-NetworkAccess
808+ }