CMK private standard agent setup

.infra/pytest_plugins/changed_samples/build/lib/pytest_changed_samples/plugin.py

@@ -12,9 +12,12 @@
 WORKING_TREE_CHANGES_OPTION = "--changed-samples-only"
 PR_CHANGES_OPTION = "--changed-samples-only-from"
 
+
 def is_plugin_active(config: pytest.Config) -> bool:
+    """Return whether any of the plugin provided options were provided on commandline."""
     return get_diff_paths_function(config) is not None
 
+
 def pytest_addoption(parser: pytest.Parser) -> None:
     parser.addoption(
         WORKING_TREE_CHANGES_OPTION,
@@ -44,6 +47,7 @@ def pytest_configure(config: pytest.Config) -> None:
 
 @pytest.hookimpl(hookwrapper=True)
 def pytest_collection(session: pytest.Session) -> None:
+    """Set up path filtering based on git diff."""
     config = session.config
     diff_path_trie = Trie()
 
@@ -65,6 +69,7 @@ def pytest_collection(session: pytest.Session) -> None:
 
 
 def pytest_ignore_collect(collection_path: Path, config: pytest.Config) -> Optional[bool]:
+    """Ignore paths that were not touched by the current git diff."""
     if DIFF_PATH_TRIE_KEY not in config.stash:
         # Occurs when calling `pytest --fixtures`
         return None
@@ -80,6 +85,7 @@ def pytest_ignore_collect(collection_path: Path, config: pytest.Config) -> Optio
     # Either definitely ignore this path, or defer decision to other plugins
     return (not diff_path_trie.is_prefix(ignore_dir.resolve().parts)) or None
 
+
 @pytest.hookimpl(trylast=True)
 def pytest_sessionfinish(session: pytest.Session, exitstatus: int) -> None:
     if not is_plugin_active(session.config):
@@ -88,6 +94,7 @@ def pytest_sessionfinish(session: pytest.Session, exitstatus: int) -> None:
     if exitstatus == pytest.ExitCode.NO_TESTS_COLLECTED:
         session.exitstatus = pytest.ExitCode.OK
 
+
 def get_diff_paths_function(config: pytest.Config) -> Optional[Callable[[], Iterable[Path]]]:
     """Get the function that returns paths present in a diff specfied by cmdline arguments
 

infrastructure/infrastructure-setup-bicep/33-customer-managed-keys-private-network-standard-agent/README.md

@@ -0,0 +1,51 @@
+---
+description: This template deploys an Azure AI Foundry account, project, and model deployment while using your key for encryption (Customer Managed Key) in full private setup.
+page_type: sample
+products:
+- azure
+- azure-resource-manager
+urlFragment: aifoundry-cmk
+languages:
+- bicep
+- json
+---
+# Set up Azure AI Foundry using Customer Managed Keys for encryption
+
+This Azure AI Foundry template demonstrates how to deploy AI Foundry with Agents private network standard setup and customer-managed keys for encryption.
+
+## Prerequisites
+
+* An existing Azure Key Vault resource. This sample template does not create it.
+* You must enable both the Soft Delete and Do Not Purge properties on the existing Azure Key Vault instance.
+* If you use the Key Vault firewall, you must allow trusted Microsoft services to access the Azure Key Vault.
+* The template uses RBAC roles for keyvault and assign the identity of the AI Foundry account and global cosmos DB account "Key Vault Crypto Service Encryption User" permission on keyvault
+* Only RSA and RSA-HSM keys of size 2048 are supported. For more information about keys, see Key Vault keys in 
+
+## Features
+This template provides same features in template `15-private-network-standard-agent-setup` for selecting existing resources, different subscription dns zones and all other features and it combines it with the encryption configuration from template `31-customer-managed-keys-standard-agent` for the standard setup but adding over the private network setup.
+
+The current templates provides the following:
+- `30-customer-managed-keys` : provides a sample on creating CMK foundry over basic setup and system-assigned managed identity
+- `31-customer-managed-keys-standard-agent`: provides a sample on creating CMK foundry over public standard setup (where AI foundry and its dependent resource all have public network access enabled) and system-assigned managed identity
+- `32-customer-managed-keys-user-assigned-identity`: provides a sample on creating CMK foundry over basic setup and user-assigned managed identity
+- `33-customer-managed-keys-private-network-standard-agent`: provides a sample on creating CMK foundry over private network standard setup (where AI foundry has network injection on the same VNET as the dependent resources are connected to) and system-assigned managed identity
+
+## Run the Bicep deployment commands
+
+Steps:
+   ```bash
+   az deployment group create --resource-group <your-resource-group> --template-file main.bicep --parameters main.bicepparam
+   ```
+
+
+## Learn more
+If you are new to Azure AI Foundry, see:
+
+- [Azure AI Foundry](https://learn.microsoft.com/azure/ai-foundry/)
+
+If you are new to template deployment, see:
+
+- [Azure Resource Manager documentation](https://learn.microsoft.com/azure/azure-resource-manager/)
+- [Azure AI services quickstart article](https://learn.microsoft.com/azure/cognitive-services/resource-manager-template)
+
+`Tags: Microsoft.CognitiveServices/accounts/projects`