From 25d6626a5319d724a3b374c456e315e4f7ab8c2a Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Tue, 20 May 2025 11:11:58 +0530 Subject: [PATCH 1/4] added bicep --- infra/deploy_ai_foundry.bicep | 15 +-- infra/deploy_keyvault.bicep | 2 + infra/deploy_managed_identity.bicep | 2 - infra/main.bicep | 110 +++++++-------------- infra/main.bicepparam | 4 +- infra/main.json | 146 +++++++--------------------- src/backend/requirements.txt | 2 +- 7 files changed, 75 insertions(+), 206 deletions(-) diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep index 9783fee..13b4efa 100644 --- a/infra/deploy_ai_foundry.bicep +++ b/infra/deploy_ai_foundry.bicep @@ -1,7 +1,4 @@ // Creates Azure dependent resources for Azure AI studio -@minLength(3) -@maxLength(15) -@description('Solution Name') param solutionName string param solutionLocation string param keyVaultName string @@ -11,7 +8,6 @@ param managedIdentityObjectId string param aiServicesEndpoint string param aiServicesKey string param aiServicesId string - var abbrs = loadJsonContent('./abbreviations.json') var storageName = '${abbrs.storage.storageAccount}${solutionName}hubst' var storageSkuName = 'Standard_LRS' @@ -27,7 +23,6 @@ var aiProjectFriendlyName = aiProjectName var aiSearchName = '${abbrs.ai.aiSearch}${solutionName}' - resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { name: keyVaultName } @@ -45,9 +40,7 @@ resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { } -var storageNameCleaned = replace(replace(replace(replace('${storageName}cast', '-', ''), '_', ''), '.', ''),'/', '') - - +var storageNameCleaned = replace(storageName, '-', '') resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = { 
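Review bot: `var storageNameCleaned = replace(storageName, '-', '')` in infra/deploy_ai_foundry.bicep now strips only hyphens, and the first hunk of the same file drops `@minLength(3)` / `@maxLength(15)` from `solutionName`, so this module no longer bounds or sanitises the storage account name. Storage account names accept only 3-24 lowercase letters and digits, so a prefix containing `_`, `.` or `/` (which the removed expression stripped) would now fail at resource creation instead of at parameter validation. I would keep the length decorators on `param solutionName string` and retain the wider clean-up, e.g. `var storageNameCleaned = toLower(replace(replace(replace(storageName, '-', ''), '_', ''), '.', ''))`. The caller's `prefixCleaned` in infra/main.bicep covers only case and hyphens, and `ResourcePrefix` itself has no character restriction visible on this page.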
@@ -119,7 +112,7 @@ resource storageroleAssignment 'Microsoft.Authorization/roleAssignments@2022-04- } resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview' = { - name: azureAiHubName + name: aiHubName location: location identity: { type: 'SystemAssigned' @@ -136,7 +129,7 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview' kind: 'hub' resource aiServicesConnection 'connections@2024-07-01-preview' = { - name: '${azureAiHubName}-connection-AzureOpenAI' + name: '${aiHubName}-connection-AzureOpenAI' properties: { category: 'AIServices' target: aiServicesEndpoint @@ -305,5 +298,3 @@ output storageAccountName string = storageNameCleaned output logAnalyticsId string = logAnalytics.id output storageAccountId string = storage.id - -output projectConnectionString string = '${split(aiHubProject.properties.discoveryUrl, '/')[2]};${subscription().subscriptionId};${resourceGroup().name};${aiHubProject.name}' diff --git a/infra/deploy_keyvault.bicep b/infra/deploy_keyvault.bicep index a10a9af..0ac0018 100644 --- a/infra/deploy_keyvault.bicep +++ b/infra/deploy_keyvault.bicep @@ -35,7 +35,9 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { enabledForDeployment: true enabledForDiskEncryption: true enabledForTemplateDeployment: true + enableSoftDelete: false enableRbacAuthorization: true + enablePurgeProtection: true publicNetworkAccess: 'enabled' sku: { family: 'A' diff --git a/infra/deploy_managed_identity.bicep b/infra/deploy_managed_identity.bicep index 6e0b9dc..5af3232 100644 --- a/infra/deploy_managed_identity.bicep +++ b/infra/deploy_managed_identity.bicep @@ -10,10 +10,8 @@ param solutionName string param solutionLocation string @description('Name') - param miName string - resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: miName location: solutionLocation diff --git a/infra/main.bicep b/infra/main.bicep index 696237e..03dc951 100644 --- a/infra/main.bicep 
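Review bot: In infra/deploy_keyvault.bicep the two added properties contradict each other: `enableSoftDelete: false` sits next to `enablePurgeProtection: true`, and purge protection only applies to a vault that has soft delete enabled. Azure is likely to reject the combination, and if it were accepted, a deleted vault or secret could not be recovered. I would change the first line to `enableSoftDelete: true` (or drop it and rely on the platform default) and keep `enablePurgeProtection: true`. The compiled infra/main.json carries the same pair and needs regenerating after the fix. The vault resource starts and ends outside this hunk, so whether the `publicNetworkAccess: 'enabled'` context line is backed by network ACLs cannot be seen here.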
+++ b/infra/main.bicep @@ -1,11 +1,9 @@ @minLength(3) - @maxLength(10) @description('Prefix for all resources created by this template. This prefix will be used to create unique names for all resources. The prefix must be unique within the resource group.') param ResourcePrefix string var abbrs = loadJsonContent('./abbreviations.json') - @allowed([ 'australiaeast' 'brazilsouth' @@ -32,13 +30,24 @@ var abbrs = loadJsonContent('./abbreviations.json') 'westus3' ]) @description('Location for all Ai services resources. This location can be different from the resource group location.') -param AzureAiServiceLocation string // The location used for all deployed resources. This location must be in the same region as the resource group. +param AiLocation string // The location used for all deployed resources. This location must be in the same region as the resource group. param capacity int = 5 -var uniqueId = toLower(uniqueString(subscription().id, safePrefix, resourceGroup().location)) -var UniquePrefix = 'cm${padLeft(take(uniqueId, 12), 12, '0')}' -var ResourcePrefix = take('cm${safePrefix}${UniquePrefix}', 15) -var imageVersion = 'latest' + +@description('A unique prefix for all resources in this deployment. This should be 3-10 characters long:') +//param environmentName string +var randomString = substring(uniqueString(resourceGroup().id), 0, 4) +@description('The location used for all deployed resources') +// Generate a unique string based on the base name and a unique identifier +//var uniqueSuffix = uniqueString(resourceGroup().id, ResourcePrefix) + +// Take the first 4 characters of the unique string to use as a suffix +//var randomSuffix = substring(ResourcePrefix, 0, min(10, length(ResourcePrefix))) + +// Combine the base name with the random suffix +var finalName = '${ResourcePrefix}-${randomString}' + +var imageVersion = 'rc1' var location = resourceGroup().location var dblocation = resourceGroup().location var cosmosdbDatabase = 'cmsadb' 
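Review bot: `var imageVersion = 'rc1'` replaces one mutable tag (`latest`) with another, so the container apps still run whatever the registry currently serves under that tag, and a re-pushed `rc1` changes the deployed code without any change to this template. I would make the version a parameter that takes an immutable release tag or an image digest, e.g. `param imageVersion string`, with a comment stating that the value must identify one fixed image. Separately, the two added `@description(...)` decorators now sit above `var randomString` and `var finalName` but describe a prefix and a location; together with the commented-out `//param` and `//var` lines they look like leftovers and should be removed or rewritten to describe the variables they precede.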
@@ -48,15 +57,14 @@ var cosmosdbLogContainer = 'cmsalog' var deploymentType = 'GlobalStandard' var containerName = 'appstorage' var llmModel = 'gpt-4o' +var prefixCleaned = replace(toLower(finalName), '-', '') var storageSkuName = 'Standard_LRS' - var storageContainerName = '${abbrs.storage.storageAccount}${prefixCleaned}' var gptModelVersion = '2024-08-06' var aiServicesName = '${abbrs.ai.aiServices}${prefixCleaned}' - var aiModelDeployments = [ { name: llmModel @@ -70,26 +78,24 @@ var aiModelDeployments = [ } ] -resource azureAiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' = { - name: azureAiServicesName +resource aiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' = { + name: aiServicesName location: location sku: { name: 'S0' } kind: 'AIServices' properties: { - customSubDomainName: aiServicesName apiProperties: { // statisticsEnabled: false } - } } @batchSize(1) -resource azureAiServicesDeployments 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for aiModeldeployment in aiModelDeployments: { - parent: azureAiServices //aiServices_m +resource aiServicesDeployments 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for aiModeldeployment in aiModelDeployments: { + parent: aiServices //aiServices_m name: aiModeldeployment.name properties: { model: { @@ -111,10 +117,8 @@ resource azureAiServicesDeployments 'Microsoft.CognitiveServices/accounts/deploy module managedIdentityModule 'deploy_managed_identity.bicep' = { name: 'deploy_managed_identity' params: { - miName:'${abbrs.security.managedIdentity}${prefixCleaned}' solutionName: prefixCleaned - solutionLocation: location } scope: resourceGroup(resourceGroup().name) 
@@ -125,10 +129,8 @@ module managedIdentityModule 'deploy_managed_identity.bicep' = { module kvault 'deploy_keyvault.bicep' = { name: 'deploy_keyvault' params: { - keyvaultName: '${abbrs.security.keyVault}${prefixCleaned}' solutionName: prefixCleaned - solutionLocation: location managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId } @@ -137,27 +139,27 @@ module kvault 'deploy_keyvault.bicep' = { // ==========AI Foundry and related resources ========== // -module azureAifoundry 'deploy_ai_foundry.bicep' = { +module aifoundry 'deploy_ai_foundry.bicep' = { name: 'deploy_ai_foundry' params: { - solutionName: ResourcePrefix - solutionLocation: AzureAiServiceLocation + solutionName: prefixCleaned + solutionLocation: AiLocation keyVaultName: kvault.outputs.keyvaultName gptModelName: llmModel gptModelVersion: gptModelVersion managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId - aiServicesEndpoint: azureAiServices.properties.endpoint - aiServicesKey: azureAiServices.listKeys().key1 - aiServicesId: azureAiServices.id + aiServicesEndpoint: aiServices.properties.endpoint + aiServicesKey: aiServices.listKeys().key1 + aiServicesId: aiServices.id } scope: resourceGroup(resourceGroup().name) } module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.9.1' = { - name: toLower('${ResourcePrefix}conAppsEnv') + name: toLower('${prefixCleaned}conAppsEnv') params: { - logAnalyticsWorkspaceResourceId: azureAifoundry.outputs.logAnalyticsId - name: toLower('${ResourcePrefix}manenv') + logAnalyticsWorkspaceResourceId: aifoundry.outputs.logAnalyticsId + name: toLower('${prefixCleaned}manenv') location: location zoneRedundant: false managedIdentities: managedIdentityModule 
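Review bot: `aiServicesKey: aiServices.listKeys().key1` hands an account key to the `deploy_ai_foundry` module as an ordinary parameter, and the receiving declaration in infra/deploy_ai_foundry.bicep is a plain `param aiServicesKey string`. Parameter values that are not marked secure are kept with the deployment record, so anyone who can read deployments in the resource group may be able to read the key. Add `@secure()` on the line above `param aiServicesKey string` in the module and regenerate infra/main.json. Because the backend already gets a role assignment on the account through its managed identity, it is also worth checking whether the hub connection needs a key at all; the connection's credential block is outside the visible hunks.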
@@ -165,12 +167,10 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.9.1 } module databaseAccount 'br/public:avm/res/document-db/database-account:0.9.0' = { - name: toLower('${ResourcePrefix}cosmos') + name: toLower('${prefixCleaned}database') params: { // Required parameters - name: toLower('${abbrs.databases.cosmosDBDatabase}${prefixCleaned}databaseAccount') - // Non-required parameters enableAnalyticalStorage: true location: dblocation @@ -234,9 +234,7 @@ module databaseAccount 'br/public:avm/res/document-db/database-account:0.9.0' = } module containerAppFrontend 'br/public:avm/res/app/container-app:0.13.0' = { - name: toLower('${abbrs.containers.containerApp}${prefixCleaned}containerAppFrontend') - params: { managedIdentities: { systemAssigned: true @@ -266,9 +264,7 @@ module containerAppFrontend 'br/public:avm/res/app/container-app:0.13.0' = { scaleMinReplicas: 1 scaleMaxReplicas: 1 environmentResourceId: containerAppsEnvironment.outputs.resourceId - name: toLower('${abbrs.containers.containerApp}${prefixCleaned}containerFrontend') - // Non-required parameters location: location } @@ -276,9 +272,7 @@ module containerAppFrontend 'br/public:avm/res/app/container-app:0.13.0' = { resource containerAppBackend 'Microsoft.App/containerApps@2023-05-01' = { - name: toLower('${abbrs.containers.containerApp}${prefixCleaned}containerBackend') - location: location identity: { type: 'SystemAssigned' @@ -331,7 +325,7 @@ resource containerAppBackend 'Microsoft.App/containerApps@2023-05-01' = { } { name: 'AZURE_OPENAI_ENDPOINT' - value: 'https://${azureAifoundry.outputs.aiServicesName}.openai.azure.com/' + value: 'https://${aifoundry.outputs.aiServicesName}.openai.azure.com/' } { name: 'MIGRATOR_AGENT_MODEL_DEPLOY' 
@@ -361,26 +355,6 @@ resource containerAppBackend 'Microsoft.App/containerApps@2023-05-01' = { name: 'TERMINATION_MODEL_DEPLOY' value: llmModel } - { - name: 'AZURE_AI_AGENT_MODEL_DEPLOYMENT_NAME' - value: llmModel - } - { - name: 'AZURE_AI_AGENT_PROJECT_NAME' - value: azureAifoundry.outputs.aiProjectName - } - { - name: 'AZURE_AI_AGENT_RESOURCE_GROUP_NAME' - value: resourceGroup().name - } - { - name: 'AZURE_AI_AGENT_SUBSCRIPTION_ID' - value: subscription().subscriptionId - } - { - name: 'AZURE_AI_AGENT_PROJECT_CONNECTION_STRING' - value: azureAifoundry.outputs.projectConnectionString - } ] resources: { cpu: 1 @@ -454,7 +428,7 @@ var openAiContributorRoleId = 'a001fd3d-188f-4b5d-821b-7da978bf7442' // Fixed R resource openAiRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(containerAppBackend.id, openAiContributorRoleId) - scope: azureAiServices + scope: aiServices properties: { roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', openAiContributorRoleId) // OpenAI Service Contributor principalId: containerAppBackend.identity.principalId 
@@ -471,25 +445,9 @@ resource containers 'Microsoft.Storage/storageAccounts/blobServices/containers@2 properties: { publicAccess: 'None' } - dependsOn: [azureAifoundry] + dependsOn: [aifoundry] }] -resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-01-01-preview' existing = { - name: '${ResourcePrefix}-prj' // aiProjectName must be calculated - available at main start. -} - -resource aiDeveloper 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { - name: '64702f94-c441-49e6-a78b-ef80e0188fee' -} - -resource aiDeveloperAccessProj 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid(containerAppBackend.name, aiHubProject.id, aiDeveloper.id) - scope: aiHubProject - properties: { - roleDefinitionId: aiDeveloper.id - principalId: containerAppBackend.identity.principalId - } -} resource contributorRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-06-15' existing = { name: '${databaseAccount.name}/00000000-0000-0000-0000-000000000002' diff --git a/infra/main.bicepparam b/infra/main.bicepparam index a369041..649aead 100644 --- a/infra/main.bicepparam +++ b/infra/main.bicepparam @@ -1,4 +1,4 @@ using './main.bicep' -param AzureAiServiceLocation = readEnvironmentVariable('AZURE_LOCATION','japaneast') -param Prefix = readEnvironmentVariable('AZURE_ENV_NAME','azdtemp') +param AiLocation = readEnvironmentVariable('AZURE_LOCATION','japaneast') +param ResourcePrefix = readEnvironmentVariable('AZURE_ENV_NAME','azdtemp') diff --git a/infra/main.json b/infra/main.json index 79accc5..75e1a88 100644 --- a/infra/main.json +++ b/infra/main.json 
@@ -4,21 +4,20 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", "templateHash": "9645396053164913156" - } }, "parameters": { - "Prefix": { + "ResourcePrefix": { "type": "string", "minLength": 3, + "maxLength": 10, "metadata": { - "description": "Prefix for all resources created by this template. This should be 3-20 characters long. If your provide a prefix longer than 20 characters, it will be truncated to 20 characters." + "description": "Prefix for all resources created by this template. This prefix will be used to create unique names for all resources. The prefix must be unique within the resource group." } }, - "AzureAiServiceLocation": { + "AiLocation": { "type": "string", "allowedValues": [ "australiaeast", @@ -55,7 +54,6 @@ } }, "variables": { - "$fxv#0": { "ai": { "aiSearch": "srch-", @@ -287,7 +285,6 @@ "randomString": "[substring(uniqueString(resourceGroup().id), 0, 4)]", "finalName": "[format('{0}-{1}', parameters('ResourcePrefix'), variables('randomString'))]", "imageVersion": "rc1", - "location": "[resourceGroup().location]", "dblocation": "[resourceGroup().location]", "cosmosdbDatabase": "cmsadb", @@ -297,12 +294,11 @@ "deploymentType": "GlobalStandard", "containerName": "appstorage", "llmModel": "gpt-4o", + "prefixCleaned": "[replace(toLower(variables('finalName')), '-', '')]", "storageSkuName": "Standard_LRS", - "storageContainerName": "[format('{0}{1}', variables('abbrs').storage.storageAccount, variables('prefixCleaned'))]", "gptModelVersion": "2024-08-06", "aiServicesName": "[format('{0}{1}', variables('abbrs').ai.aiServices, variables('prefixCleaned'))]", - "aiModelDeployments": [ { "name": "[variables('llmModel')]", 
@@ -324,29 +320,27 @@ { "type": "Microsoft.CognitiveServices/accounts", "apiVersion": "2024-04-01-preview", - "name": "[variables('azureAiServicesName')]", + "name": "[variables('aiServicesName')]", "location": "[variables('location')]", "sku": { "name": "S0" }, "kind": "AIServices", "properties": { - "customSubDomainName": "[variables('aiServicesName')]", "apiProperties": {} - } }, { "copy": { - "name": "azureAiServicesDeployments", + "name": "aiServicesDeployments", "count": "[length(variables('aiModelDeployments'))]", "mode": "serial", "batchSize": 1 }, "type": "Microsoft.CognitiveServices/accounts/deployments", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', variables('azureAiServicesName'), variables('aiModelDeployments')[copyIndex()].name)]", + "name": "[format('{0}/{1}', variables('aiServicesName'), variables('aiModelDeployments')[copyIndex()].name)]", "properties": { "model": { "format": "OpenAI", @@ -360,21 +354,19 @@ "capacity": "[variables('aiModelDeployments')[copyIndex()].sku.capacity]" }, "dependsOn": [ - "[resourceId('Microsoft.CognitiveServices/accounts', variables('azureAiServicesName'))]" + "[resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName'))]" ] }, { "type": "Microsoft.App/containerApps", "apiVersion": "2023-05-01", - "name": "[toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned')))]", - "location": "[variables('location')]", "identity": { "type": "SystemAssigned" }, "properties": { - "managedEnvironmentId": "[reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}conAppsEnv', variables('ResourcePrefix')))), '2022-09-01').outputs.resourceId.value]", + "managedEnvironmentId": "[reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}conAppsEnv', variables('prefixCleaned')))), '2022-09-01').outputs.resourceId.value]", "configuration": { "ingress": { "external": true, 
@@ -393,7 +385,7 @@ "env": [ { "name": "COSMOSDB_ENDPOINT", - "value": "[reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}cosmos', variables('ResourcePrefix')))), '2022-09-01').outputs.endpoint.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}database', variables('prefixCleaned')))), '2022-09-01').outputs.endpoint.value]" }, { "name": "COSMOSDB_DATABASE", @@ -450,26 +442,6 @@ { "name": "TERMINATION_MODEL_DEPLOY", "value": "[variables('llmModel')]" - }, - { - "name": "AZURE_AI_AGENT_MODEL_DEPLOYMENT_NAME", - "value": "[variables('llmModel')]" - }, - { - "name": "AZURE_AI_AGENT_PROJECT_NAME", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_ai_foundry'), '2022-09-01').outputs.aiProjectName.value]" - }, - { - "name": "AZURE_AI_AGENT_RESOURCE_GROUP_NAME", - "value": "[resourceGroup().name]" - }, - { - "name": "AZURE_AI_AGENT_SUBSCRIPTION_ID", - "value": "[subscription().subscriptionId]" - }, - { - "name": "AZURE_AI_AGENT_PROJECT_CONNECTION_STRING", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_ai_foundry'), '2022-09-01').outputs.projectConnectionString.value]" } ], "resources": { 
@@ -482,8 +454,8 @@ }, "dependsOn": [ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_ai_foundry')]", - "[resourceId('Microsoft.Resources/deployments', toLower(format('{0}conAppsEnv', variables('ResourcePrefix'))))]", - "[resourceId('Microsoft.Resources/deployments', toLower(format('{0}cosmos', variables('ResourcePrefix'))))]", + "[resourceId('Microsoft.Resources/deployments', toLower(format('{0}conAppsEnv', variables('prefixCleaned'))))]", + "[resourceId('Microsoft.Resources/deployments', toLower(format('{0}database', variables('prefixCleaned'))))]", "[resourceId('Microsoft.Storage/storageAccounts', variables('storageContainerName'))]" ] }, @@ -544,7 +516,6 @@ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.Storage/storageAccounts/{0}', variables('storageContainerName'))]", - "name": "[guid(resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned')))), 'Storage Blob Data Contributor')]", "properties": { "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]", 
@@ -552,14 +523,12 @@ }, "dependsOn": [ "[resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned'))))]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageContainerName'))]" ] }, { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', variables('aiServicesName'))]", "name": "[guid(resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned')))), variables('openAiContributorRoleId'))]", "properties": { @@ -569,7 +538,6 @@ "dependsOn": [ "[resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName'))]", "[resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned'))))]" - ] }, { 
@@ -587,19 +555,6 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_ai_foundry')]" ] }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', format('{0}-prj', variables('ResourcePrefix')))]", - "name": "[guid(toLower(format('{0}Bck-ca', variables('ResourcePrefix'))), resourceId('Microsoft.MachineLearningServices/workspaces', format('{0}-prj', variables('ResourcePrefix'))), resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee'))]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee')]", - "principalId": "[reference(resourceId('Microsoft.App/containerApps', toLower(format('{0}Bck-ca', variables('ResourcePrefix')))), '2023-05-01', 'full').identity.principalId]" - }, - "dependsOn": [ - "[resourceId('Microsoft.App/containerApps', toLower(format('{0}Bck-ca', variables('ResourcePrefix'))))]" - ] - }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -615,7 +570,7 @@ "value": "[format('{0}{1}', variables('abbrs').security.managedIdentity, variables('prefixCleaned'))]" }, "solutionName": { - "value": "[variables('ResourcePrefix')]" + "value": "[variables('prefixCleaned')]" }, "solutionLocation": { "value": "[variables('location')]" @@ -627,10 +582,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", "templateHash": "4801202077166882355" - } }, "parameters": { @@ -650,8 +603,6 @@ }, "miName": { "type": "string", - - "metadata": { "description": "Name" } 
@@ -716,7 +667,7 @@ "value": "[format('{0}{1}', variables('abbrs').security.keyVault, variables('prefixCleaned'))]" }, "solutionName": { - "value": "[variables('ResourcePrefix')]" + "value": "[variables('prefixCleaned')]" }, "solutionLocation": { "value": "[variables('location')]" @@ -731,10 +682,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", "templateHash": "15626032116057754317" - } }, "parameters": { @@ -787,7 +736,9 @@ "enabledForDeployment": true, "enabledForDiskEncryption": true, "enabledForTemplateDeployment": true, + "enableSoftDelete": false, "enableRbacAuthorization": true, + "enablePurgeProtection": true, "publicNetworkAccess": "enabled", "sku": { "family": "A", @@ -836,10 +787,10 @@ "mode": "Incremental", "parameters": { "solutionName": { - "value": "[variables('ResourcePrefix')]" + "value": "[variables('prefixCleaned')]" }, "solutionLocation": { - "value": "[parameters('AzureAiServiceLocation')]" + "value": "[parameters('AiLocation')]" }, "keyVaultName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_keyvault'), '2022-09-01').outputs.keyvaultName.value]" 
@@ -854,13 +805,13 @@ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_managed_identity'), '2022-09-01').outputs.managedIdentityOutput.value.objectId]" }, "aiServicesEndpoint": { - "value": "[reference(resourceId('Microsoft.CognitiveServices/accounts', variables('azureAiServicesName')), '2024-04-01-preview').endpoint]" + "value": "[reference(resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName')), '2024-04-01-preview').endpoint]" }, "aiServicesKey": { - "value": "[listKeys(resourceId('Microsoft.CognitiveServices/accounts', variables('azureAiServicesName')), '2024-04-01-preview').key1]" + "value": "[listKeys(resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName')), '2024-04-01-preview').key1]" }, "aiServicesId": { - "value": "[resourceId('Microsoft.CognitiveServices/accounts', variables('azureAiServicesName'))]" + "value": "[resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName'))]" } }, "template": { @@ -869,20 +820,13 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", "templateHash": "17234510752657929213" - } }, "parameters": { "solutionName": { - "type": "string", - "minLength": 3, - "maxLength": 15, - "metadata": { - "description": "Solution Name" - } + "type": "string" }, "solutionLocation": { "type": "string" @@ -907,14 +851,9 @@ }, "aiServicesId": { "type": "string" - }, - "storageName": { - "type": "string", - "defaultValue": "[format('{0}hubst', parameters('solutionName'))]" } }, "variables": { - "$fxv#0": { "ai": { "aiSearch": "srch-", 
@@ -1156,13 +1095,12 @@ "aiProjectFriendlyName": "[variables('aiProjectName')]", "aiSearchName": "[format('{0}{1}', variables('abbrs').ai.aiSearch, parameters('solutionName'))]", "storageNameCleaned": "[replace(variables('storageName'), '-', '')]" - }, "resources": [ { "type": "Microsoft.MachineLearningServices/workspaces/connections", "apiVersion": "2024-07-01-preview", - "name": "[format('{0}/{1}', variables('azureAiHubName'), format('{0}-connection-AzureOpenAI', variables('azureAiHubName')))]", + "name": "[format('{0}/{1}', variables('aiHubName'), format('{0}-connection-AzureOpenAI', variables('aiHubName')))]", "properties": { "category": "AIServices", "target": "[parameters('aiServicesEndpoint')]", @@ -1177,7 +1115,7 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('azureAiHubName'))]" + "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiHubName'))]" ] }, { @@ -1263,7 +1201,7 @@ { "type": "Microsoft.MachineLearningServices/workspaces", "apiVersion": "2023-08-01-preview", - "name": "[variables('azureAiHubName')]", + "name": "[variables('aiHubName')]", "location": "[variables('location')]", "identity": { "type": "SystemAssigned" @@ -1290,10 +1228,10 @@ }, "properties": { "friendlyName": "[variables('aiProjectFriendlyName')]", - "hubResourceId": "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('azureAiHubName'))]" + "hubResourceId": "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiHubName'))]" }, "dependsOn": [ - "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('azureAiHubName'))]" + "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiHubName'))]" ] }, { 
@@ -1460,16 +1398,12 @@ "storageAccountId": { "type": "string", "value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageNameCleaned'))]" - }, - "projectConnectionString": { - "type": "string", - "value": "[format('{0};{1};{2};{3}', split(reference(resourceId('Microsoft.MachineLearningServices/workspaces', variables('aiProjectName')), '2024-01-01-preview').discoveryUrl, '/')[2], subscription().subscriptionId, resourceGroup().name, variables('aiProjectName'))]" } } } }, "dependsOn": [ - "[resourceId('Microsoft.CognitiveServices/accounts', variables('azureAiServicesName'))]", + "[resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_managed_identity')]" ] @@ -1477,7 +1411,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[toLower(format('{0}conAppsEnv', variables('ResourcePrefix')))]", + "name": "[toLower(format('{0}conAppsEnv', variables('prefixCleaned')))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1488,7 +1422,7 @@ "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_ai_foundry'), '2022-09-01').outputs.logAnalyticsId.value]" }, "name": { - "value": "[toLower(format('{0}manenv', variables('ResourcePrefix')))]" + "value": "[toLower(format('{0}manenv', variables('prefixCleaned')))]" }, "location": { "value": "[variables('location')]" 
@@ -2096,7 +2030,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[toLower(format('{0}cosmos', variables('ResourcePrefix')))]", + "name": "[toLower(format('{0}database', variables('prefixCleaned')))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2104,9 +2038,7 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[toLower(format('{0}{1}databaseAccount', variables('abbrs').databases.cosmosDBDatabase, variables('prefixCleaned')))]" - }, "enableAnalyticalStorage": { "value": true @@ -5914,9 +5846,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[toLower(format('{0}{1}containerAppFrontend', variables('abbrs').containers.containerApp, variables('prefixCleaned')))]", - "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -5937,9 +5867,7 @@ "env": [ { "name": "API_URL", - "value": "[format('https://{0}', reference(resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned')))), '2023-05-01').configuration.ingress.fqdn)]" - } ], "image": "[format('cmsacontainerreg.azurecr.io/cmsafrontend:{0}', variables('imageVersion'))]", @@ -5964,12 +5892,10 @@ "value": 1 }, "environmentResourceId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}conAppsEnv', variables('ResourcePrefix')))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}conAppsEnv', variables('prefixCleaned')))), '2022-09-01').outputs.resourceId.value]" }, "name": { - "value": "[toLower(format('{0}{1}containerFrontend', variables('abbrs').containers.containerApp, variables('prefixCleaned')))]" - }, "location": { "value": "[variables('location')]" 
@@ -7141,10 +7067,8 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned'))))]", "[resourceId('Microsoft.Resources/deployments', toLower(format('{0}conAppsEnv', variables('prefixCleaned'))))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_managed_identity')]" ] }, @@ -7178,9 +7102,7 @@ } }, "scriptContent": { - "value": "[format('az cosmosdb sql role assignment create --resource-group \"{0}\" --account-name \"{1}\" --role-definition-id \"{2}\" --scope \"{3}\" --principal-id \"{4}\"', resourceGroup().name, reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}database', variables('prefixCleaned')))), '2022-09-01').outputs.name.value, resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', split(format('{0}/00000000-0000-0000-0000-000000000002', toLower(format('{0}database', variables('prefixCleaned')))), '/')[0], split(format('{0}/00000000-0000-0000-0000-000000000002', toLower(format('{0}database', variables('prefixCleaned')))), '/')[1]), reference(resourceId('Microsoft.Resources/deployments', toLower(format('{0}database', variables('prefixCleaned')))), '2022-09-01').outputs.resourceId.value, reference(resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned')))), '2023-05-01', 'full').identity.principalId)]" - } }, "template": { 
@@ -7709,10 +7631,8 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.App/containerApps', toLower(format('{0}{1}containerBackend', variables('abbrs').containers.containerApp, variables('prefixCleaned'))))]", "[resourceId('Microsoft.Resources/deployments', toLower(format('{0}database', variables('prefixCleaned'))))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, resourceGroup().name), 'Microsoft.Resources/deployments', 'deploy_managed_identity')]" ] } diff --git a/src/backend/requirements.txt b/src/backend/requirements.txt index c5d6b63..9271f9d 100644 --- a/src/backend/requirements.txt +++ b/src/backend/requirements.txt @@ -17,7 +17,7 @@ azure-cosmos azure-servicebus azure-mgmt-storage azure-functions - +azure-ai-projects==1.0.0b9 # Development tools pytest pytest-mock From 0c9eccecd3f1cf474467a67f139b7526885a6de2 Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Tue, 20 May 2025 11:15:56 +0530 Subject: [PATCH 2/4] edit1 --- .dockerignore | 162 -------------------------------------------------- 1 file changed, 162 deletions(-) delete mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 68dc843..0000000 --- a/.dockerignore +++ /dev/null 
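Review bot: `azure-ai-projects==1.0.0b9` pins a pre-release build, while the neighbouring entries in this hunk (`azure-servicebus`, `azure-mgmt-storage`, `azure-functions`, `pytest`) carry no version constraint, so the backend install still resolves most of its dependencies at install time and is not reproducible. I would add a comment above the pin, `# beta pin: revisit once a stable release is available`, and pin the remaining packages in a follow-up, ideally with hashes in a generated lock file. The added line also replaces the blank line that separated the runtime packages from `# Development tools`; keep that separator.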
@@ -1,162 +0,0 @@
-# Include any files or directories that you don't want to be copied to your
-# container here (e.g., local build artifacts, temporary files, etc.).
-#
-# For more help, visit the .dockerignore file reference guide at
-# https://docs.docker.com/engine/reference/builder/#dockerignore-file
-
-**/.DS_Store
-**/__pycache__
-**/.venv
-**/.classpath
-**/.dockerignore
-**/.env
-**/.git
-**/.gitignore
-**/.project
-**/.settings
-**/.toolstarget
-**/.vs
-**/.vscode
-**/*.*proj.user
-**/*.dbmdl
-**/*.jfm
-**/bin
-**/charts
-**/docker-compose*
-**/compose*
-**/Dockerfile*
-**/*.Dockerfile
-**/node_modules
-**/npm-debug.log
-**/obj
-**/secrets.dev.yaml
-**/values.dev.yaml
-LICENSE
-README.md
-
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-*.egg-info/
-.installed.cfg
-*.egg
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.log
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# celery beat schedule file
-celerybeat-schedule
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# pytype static type analyzer
-.pytype/
-
-# Cython debug symbols
-cython_debug/
-
-# VS Code
-.vscode/
-
-# Ignore other unnecessary files
-*.bak
-*.swp
-.DS_Store
-*.pdb
-*.sqlite3
From d659c46606fbc98cb121e17142f06db57b06d2a6 Mon Sep 17 00:00:00 2001
From: Harmanpreet Kaur
Date: Tue, 20 May 2025 11:18:19 +0530
Subject: [PATCH 3/4] added
---
 .dockerignore | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 162 insertions(+)
 create mode 100644 .dockerignore
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..68dc843
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,162 @@
+# Include any files or directories that you don't want to be copied to your
+# container here (e.g., local build artifacts, temporary files, etc.).
+#
+# For more help, visit the .dockerignore file reference guide at
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+**/.DS_Store
+**/__pycache__
+**/.venv
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/*.Dockerfile
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.log
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# VS Code
+.vscode/
+
+# Ignore other unnecessary files
+*.bak
+*.swp
+.DS_Store
+*.pdb
+*.sqlite3
From bed0c8a431b95b81fde7e7b1ba7d97cfff9d977f Mon Sep 17 00:00:00 2001
From: Harmanpreet Kaur
Date: Tue, 20 May 2025 11:38:09 +0530
Subject: [PATCH 4/4] edit3
---
 infra/deploy_keyvault.bicep | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/infra/deploy_keyvault.bicep b/infra/deploy_keyvault.bicep
index 0ac0018..a23970b 100644
--- a/infra/deploy_keyvault.bicep
+++ b/infra/deploy_keyvault.bicep
@@ -35,9 +35,9 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
 enabledForDeployment: true
 enabledForDiskEncryption: true
 enabledForTemplateDeployment: true
- enableSoftDelete: false
+
 enableRbacAuthorization: true
- enablePurgeProtection: true
+
 publicNetworkAccess: 'enabled'
 sku: {
 family: 'A'
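Review bot: Dropping `enablePurgeProtection: true` together with `enableSoftDelete: false` leaves the vault without purge protection, so a deleted vault or secret can be purged permanently before the retention period ends by any principal that holds purge rights. Only `enableSoftDelete: false` conflicts with purge protection, which depends on soft delete being on, so I would remove that line alone and keep `enablePurgeProtection: true`, or expose it as a parameter if test deployments must be torn down and recreated under the same name. The two `+` lines only add empty lines inside `properties` and should be deleted rather than left as gaps. The context line `publicNetworkAccess: 'enabled'` keeps the vault reachable from public networks; whether network ACLs restrict it cannot be seen here, because the resource body starts and ends outside this hunk.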