Zero-Trust RAG: Defeating the Shared Private Link Deadlock in Azure Terraform

Your Terraform pipeline is green. The deployment completes without errors. You grab a coffee. Ten minutes later, you test your new Enterprise RAG application. It throws a 403 Forbidden . You open the Azure Portal, check the OpenAI Networking tab, and there it is: your Shared Private Link from AI Search is sitting in Pending . Nobody told Terraform to approve it. Nobody told you it even needed approving. This is the CI/CD killer of Azure AI infrastructure. Why It Happens AI Search must call OpenA