Fix A Recordset

dharakumarmsft · dharakumarmsft · commit 4ab83b1de250 · 2025-02-26T01:09:21.000-08:00
diff --git a/scenarios/Agents/setup/network-secured-agent/azuredeploy.json b/scenarios/Agents/setup/network-secured-agent/azuredeploy.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.33.93.31351",
-      "templateHash": "13610358180001906492"
+      "templateHash": "11320135796736030975"
     }
   },
   "parameters": {
@@ -1289,7 +1289,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.33.93.31351",
-              "templateHash": "9138892518815799182"
+              "templateHash": "6718468015645700202"
             }
           },
           "parameters": {
@@ -1338,6 +1338,28 @@
                 ]
               }
             },
+            {
+              "type": "Microsoft.Network/privateEndpoints",
+              "apiVersion": "2024-05-01",
+              "name": "[format('{0}-openAi-private-endpoint', parameters('aiServicesName'))]",
+              "location": "[resourceGroup().location]",
+              "properties": {
+                "subnet": {
+                  "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('cxSubnetName'))]"
+                },
+                "privateLinkServiceConnections": [
+                  {
+                    "name": "[format('{0}-openAi-private-link-service-connection', parameters('aiServicesName'))]",
+                    "properties": {
+                      "privateLinkServiceId": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('aiServicesName'))]",
+                      "groupIds": [
+                        "account"
+                      ]
+                    }
+                  }
+                ]
+              }
+            },
             {
               "type": "Microsoft.Network/privateEndpoints",
               "apiVersion": "2024-05-01",
@@ -1388,6 +1410,12 @@
               "name": "privatelink.azureml.ms",
               "location": "global"
             },
+            {
+              "type": "Microsoft.Network/privateDnsZones",
+              "apiVersion": "2020-06-01",
+              "name": "privatelink.openai.azure.com",
+              "location": "global"
+            },
             {
               "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
               "apiVersion": "2024-06-01",
@@ -1403,6 +1431,21 @@
                 "[resourceId('Microsoft.Network/privateDnsZones', 'privatelink.azureml.ms')]"
               ]
             },
+            {
+              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
+              "apiVersion": "2024-06-01",
+              "name": "[format('{0}/{1}', 'privatelink.openai.azure.com', format('aiServicesOpenAI-{0}-link', parameters('suffix')))]",
+              "location": "global",
+              "properties": {
+                "virtualNetwork": {
+                  "id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
+                },
+                "registrationEnabled": false
+              },
+              "dependsOn": [
+                "[resourceId('Microsoft.Network/privateDnsZones', 'privatelink.openai.azure.com')]"
+              ]
+            },
             {
               "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
               "apiVersion": "2024-05-01",
@@ -1422,6 +1465,25 @@
                 "[resourceId('Microsoft.Network/privateEndpoints', format('{0}-private-endpoint', parameters('aiServicesName')))]"
               ]
             },
+            {
+              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
+              "apiVersion": "2024-05-01",
+              "name": "[format('{0}/{1}', format('{0}-openAi-private-endpoint', parameters('aiServicesName')), format('{0}-openAi-dns-group', parameters('aiServicesName')))]",
+              "properties": {
+                "privateDnsZoneConfigs": [
+                  {
+                    "name": "[format('{0}-openAi-dns-config', parameters('aiServicesName'))]",
+                    "properties": {
+                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', 'privatelink.openai.azure.com')]"
+                    }
+                  }
+                ]
+              },
+              "dependsOn": [
+                "[resourceId('Microsoft.Network/privateEndpoints', format('{0}-openAi-private-endpoint', parameters('aiServicesName')))]",
+                "[resourceId('Microsoft.Network/privateDnsZones', 'privatelink.openai.azure.com')]"
+              ]
+            },
             {
               "type": "Microsoft.Network/privateDnsZones",
               "apiVersion": "2020-06-01",
diff --git a/scenarios/Agents/setup/network-secured-agent/modules-network-secured/private-endpoint-and-dns.bicep b/scenarios/Agents/setup/network-secured-agent/modules-network-secured/private-endpoint-and-dns.bicep
@@ -26,8 +26,8 @@ Security Benefits:
 */
 
 // Resource names and identifiers
-param aiServicesName string 
-param aiSearchName string 
+param aiServicesName string
+param aiSearchName string
 param storageName string
 param vnetName string
 param cxSubnetName string
@@ -82,6 +82,27 @@ resource aiServicesPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-0
   }
 }
 
+resource aiServiceOpenAiPrivateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01' = {
+  name: '${aiServicesName}-openAi-private-endpoint'
+  location: resourceGroup().location
+  properties: {
+    subnet: {
+      id: cxSubnet.id                    // Deploy in customer hub subnet
+    }
+    privateLinkServiceConnections: [
+      {
+        name: '${aiServicesName}-openAi-private-link-service-connection'
+        properties: {
+          privateLinkServiceId: aiServices.id
+          groupIds: [
+            'account'                     // Target AI Services account
+          ]
+        }
+      }
+    ]
+  }
+}
+
 /* -------------------------------------------- AI Search Private Endpoint -------------------------------------------- */
 
 // Private endpoint for AI Search
@@ -143,6 +164,11 @@ resource aiServicesPrivateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01'
   location: 'global'
 }
 
+resource openAiPrivateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+  name: 'privatelink.openai.azure.com'
+  location: 'global'
+}
+
 // Link AI Services DNS Zone to VNet
 resource aiServicesLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
   parent: aiServicesPrivateDnsZone
@@ -156,6 +182,18 @@ resource aiServicesLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2
   }
 }
 
+resource aiOpenAILink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
+  parent: openAiPrivateDnsZone
+  location: 'global'
+  name: 'aiServicesOpenAI-${suffix}-link'
+  properties: {
+    virtualNetwork: {
+      id: vnet.id                        // Link to specified VNet
+    }
+    registrationEnabled: false           // Don't auto-register VNet resources
+  }
+}
+
 // DNS Zone Group for AI Services
 resource aiServicesDnsGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
   parent: aiServicesPrivateEndpoint
@@ -172,6 +210,22 @@ resource aiServicesDnsGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGr
   }
 }
 
+// DNS Zone Group for Azure OpenAI
+resource aiOpenAIDnsGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
+  parent: aiServiceOpenAiPrivateEndpoint
+  name: '${aiServicesName}-openAi-dns-group'
+  properties: {
+    privateDnsZoneConfigs: [
+      {
+        name: '${aiServicesName}-openAi-dns-config'
+        properties: {
+          privateDnsZoneId: openAiPrivateDnsZone.id
+        }
+      }
+    ]
+  }
+}
+
 // Private DNS Zone for AI Search
 // - Enables custom DNS resolution for AI Search private endpoint
 resource aiSearchPrivateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
