Providing custom resources for Blob, KeyVault, OpenAI, Search, or AI Services fails provisioning during role assignments

[colincmac]

You are able to provide overrides for various services that are pre-existing, however the role assignment and a few Private Link Bicep modules are not scoped pre-defined resource groups.

Reproduce:

1. Provide custom Azure OpenAI services via the ENV variables
2. Get error
   ResourceNotFound: The Resource 'Microsoft.CognitiveServices/accounts/<my-service>' under resource group '<my-rg>' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix

This is due to the role assignments starting in these places not specifying the correct resource group in their scope

Access Policies (Links to lines where the RBAC assignments fail)

• GPT-RAG/infra/main.bicep

  Line 949 in aee7216

  module orchestratorKeyVaultAccess './core/security/keyvault-access.bicep' = {

• GPT-RAG/infra/main.bicep

  Line 1074 in aee7216

  module appserviceKeyVaultAccess './core/security/keyvault-access.bicep' = {

• GPT-RAG/infra/main.bicep

  Line 1244 in aee7216

  module dataIngestionKeyVaultAccess './core/security/keyvault-access.bicep' = {

• GPT-RAG/infra/main.bicep

  Line 1469 in aee7216

  module loadtestingKeyVaultAccess './core/security/keyvault-access.bicep' = if (_provisionLoadTesting){

Private Links (2 individual failures)

• GPT-RAG/infra/main.bicep

  Line 1421 in aee7216

  module searchStoragePrivatelink 'core/search/search-private-link.bicep' = if (_networkIsolation && !_vnetReuse) {

• GPT-RAG/infra/main.bicep

  Line 1432 in aee7216

  module searchFuncAppPrivatelink 'core/search/search-private-link.bicep' = if (_networkIsolation && !_vnetReuse) {

Fix by changing the scope of the module to:
az.resourceGroup(_azureReuseConfig.myOverride)

Likely the value of _azureReuseConfig properties will need to be the actual values, rather than optional overrides. This is a common practice in the Bicep Modules Registry.