Update infra: gpt-4.1 models, AVM versions, secure password #59

Closed
diberry wants to merge 1 commit into Azure-Samples:main from diberry:squad/infra-model-update

@diberry diberry commented Mar 19, 2026

Collaborator

Changes

  • Model updates: Upgraded to gpt-4.1 models
  • AVM version bumps: Updated Azure Verified Module versions to latest
  • API version: Updated to current API version
  • Secure password: Replaced hardcoded password with secure generated password

- Models: gpt-4o-mini -> gpt-4.1-mini, gpt-4o -> gpt-4.1 (version 2025-04-14)
- API version: 2024-08-01-preview -> 2025-04-01-preview for chat/synth
- AVM: managed-identity 0.4.0 -> 0.5.0, cognitive-services 0.7.1 -> 0.14.0
- Security: Remove hardcoded password, use readEnvironmentVariable()
- Embedding model (text-embedding-3-small) unchanged
- DocumentDB raw Bicep retained (AVM module uses preview API, not GA)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

diberry commented Mar 31, 2026

Collaborator Author

🔄 Squad Review — PR #59 (Infra Update - gpt-4.1 Models)

Reviewers: Drummer (Tech Review), Amos (Sample Dev)

⚠️ Approved with finding

Drummer (Tech Reviewer):

  • Model updates: gpt-4o-mini → gpt-4.1-mini, gpt-4o → gpt-4.1 — correct upgrade path
  • AVM version bumps: managed-identity 0.4.0 → 0.5.0, cognitive-services 0.7.1 → 0.14.0 — good maintenance
  • API version: Updated to 2025-04-01-preview — current
  • ⚠️ Password handling: documentDbAdminPassword changed from hardcoded TempP@ssw0rd123! to readEnvironmentVariable('DOCUMENTDB_ADMIN_PASSWORD', ''). The empty string default means deployment will fail if the env var isn't set. Consider:
    • Adding validation in the template, OR
    • Documenting the required env var in README/sample.env, OR
    • Using @secure() with minLength constraint

Amos (Sample Dev):

  • ✅ Good security improvement removing hardcoded password
  • ⚠️ Need to ensure azd workflow sets DOCUMENTDB_ADMIN_PASSWORD — check azure.yaml or azd env set docs

Verdict: squad:pr-reviewed

Small, focused, and correct. Minor concern about empty password default. Awaiting squad:pr-dina-approved before merge.

@diberry diberry added the squad:pr-reviewed Squad team has reviewed this PR label Mar 31, 2026
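
An added example (not code from this PR or its repository) of the validation the review above asks for: a preflight check that fails fast when DOCUMENTDB_ADMIN_PASSWORD is unset, too short, or still the hardcoded value the PR removed. The function names and the 12-character minimum are assumptions.

```shell
#!/usr/bin/env sh
# Preflight check for DOCUMENTDB_ADMIN_PASSWORD, intended to run before deployment.
# Assumptions (not from the PR): MIN_LEN and both function names are illustrative.

MIN_LEN=12
# The value the PR removed from the template. It remains in git history,
# so it must never be accepted again.
RETIRED_PASSWORD='TempP@ssw0rd123!'

# Returns 0 when the value is usable, otherwise:
#   1 = unset or empty (the case readEnvironmentVariable(..., '') lets through)
#   2 = shorter than MIN_LEN
#   3 = equal to the retired hardcoded value
check_documentdb_password() {
  _pw="${DOCUMENTDB_ADMIN_PASSWORD-}"
  [ -n "$_pw" ] || return 1
  [ "${#_pw}" -ge "$MIN_LEN" ] || return 2
  [ "$_pw" != "$RETIRED_PASSWORD" ] || return 3
  return 0
}

# Prints a reason without ever echoing the secret, and returns the same code.
preflight() {
  _rc=0
  check_documentdb_password || _rc=$?
  case "$_rc" in
    0) echo "DOCUMENTDB_ADMIN_PASSWORD: ok" ;;
    1) echo "DOCUMENTDB_ADMIN_PASSWORD is unset or empty" >&2 ;;
    2) echo "DOCUMENTDB_ADMIN_PASSWORD is shorter than $MIN_LEN characters" >&2 ;;
    3) echo "DOCUMENTDB_ADMIN_PASSWORD is the retired hardcoded value" >&2 ;;
  esac
  return "$_rc"
}
```

Calling `preflight || exit 1` before provisioning turns the empty-default case into an explicit error instead of a failed deployment.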

diberry commented Mar 31, 2026

Collaborator Author

📊 Squad Status — PR Review

Ralph (Work Monitor) — sweep on 2026-03-31

Review Pipeline Status

  • squad:pr-reviewed — Squad review complete
  • Awaiting squad:pr-dina-approved — Dina must review and approve before merge

Next Steps

  1. Dina reviews this PR
  2. If approved, Dina adds squad:pr-dina-approved label
  3. Ralph merges after Dina's approval

⚠️ Will NOT merge without Dina's explicit approval.

diberry added a commit to diberry/documentdb-samples that referenced this pull request Apr 28, 2026
…ure password)

- managed-identity AVM 0.4.0 → 0.5.0
- cognitive-services AVM 0.10.0 → 0.14.0
- API versions → 2025-04-01-preview (chat + synth)
- Remove hardcoded password, use readEnvironmentVariable

This makes PR Azure-Samples#70 a complete superset of PR Azure-Samples#59.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

diberry commented Apr 28, 2026

Collaborator Author

Superseded by #70 which includes all changes from this PR (AVM bumps, API version upgrades, secure password) plus configurable OpenAI params, separate location, README documentation, and vector index notes.

@diberry diberry closed this Apr 28, 2026