Merge pull request #41 from nick863/nirovins/add_index

Add possibility to exploit index search instead of file

Author: nick863

README.md

@@ -50,16 +50,20 @@ git clone https://github.com/Azure-Samples/get-started-with-ai-agents.git
 ```
 At this point you could make changes to the code if required. However, no changes are needed to deploy and test the app as shown in the next step.
 
-#### Configure your Agent (optional)
+#### How to configure Agent model and version
 <!-- TODO where do we want this? probably after downloading the code -->
-If you want to personalize your agent, you can change the default configuration for your agent. Additional details on changing your agent can be found in [customizing model deployments](docs/deploy_customization.md#customizing-model-deployments). For more information on the Azure OpenAI models and non-Microsoft models that can be used in your deployment, view the [list of models supported by Azure AI Agent Service](https://learn.microsoft.com/azure/ai-services/agents/concepts/model-region-support).
+By default, the template uses model `gpt-4o-mini`, version `2024-07-18` for text generation and `text-embedding-3-small` version `1` for embeddings. If you want to personalize your agent, you can change the default configuration for your agent. Additional details on changing your agent can be found in [customizing model deployments](docs/deploy_customization.md#customizing-model-deployments). For more information on the Azure OpenAI models and non-Microsoft models that can be used in your deployment, view the [list of models supported by Azure AI Agent Service](https://learn.microsoft.com/azure/ai-services/agents/concepts/model-region-support).
 
 To specify the model (e.g. gpt-4o-mini, gpt-4o) that is deployed for the agent when `azd up` is called, set the following environment variables:
 ```shell
 azd env set AZURE_AI_AGENT_MODEL_NAME <MODEL_NAME>
 azd env set AZURE_AI_AGENT_MODEL_VERSION <MODEL_VERSION>
 ```
 
+#### How to configure Agent knowledge retrieval
+By default, the template deploys OpenAI's [file search](https://learn.microsoft.com/azure/ai-services/agents/how-to/tools/file-search?tabs=python&pivots=overview) for agent's knowledge retrieval. An agent also can perform search using the search index, deployed in Azure AI Search resource. The semantic index search represents so-called hybrid search i.e. it uses LLM to search for the relevant context in the provided index as well as embedding similarity search. This index is built from the `embeddings.csv` file, containing the embeddings vectors, followed by the contexts.
+To use index search, please set the local environment variable `USE_AZURE_AI_SEARCH_SERVICE` to `true` during the `azd up` command. In this case the Azure AI Search resource will be deployed and used.
+
 #### Logging
 If you want to enable logging to a file, uncomment the following line in Dockerfile located in the src directory:
 

azure.yaml

@@ -56,4 +56,6 @@ pipeline:
     - AZURE_AI_EMBED_MODEL_NAME
     - AZURE_AI_EMBED_MODEL_FORMAT
     - AZURE_AI_EMBED_MODEL_VERSION
+    - AZURE_AI_EMBED_DIMENSIONS
+    - AZURE_AI_SEARCH_INDEX_NAME
     - AZURE_EXISTING_AIPROJECT_CONNECTION_STRING

infra/api.bicep

@@ -9,6 +9,11 @@ param serviceName string = 'api'
 param exists bool
 param projectConnectionString string
 param agentDeploymentName string
+param searchConnectionName string
+param embeddingDeploymentName string
+param aiSearchIndexName string
+param embeddingDeploymentDimensions string
+param searchServiceEndpoint string
 param agentName string
 param agentID string
 
@@ -38,10 +43,30 @@ var env = [
     name: 'AZURE_AI_AGENT_DEPLOYMENT_NAME'
     value: agentDeploymentName
   }
+  {
+    name: 'AZURE_AI_EMBED_DEPLOYMENT_NAME'
+    value: embeddingDeploymentName
+  }
+  {
+    name: 'AZURE_AI_SEARCH_INDEX_NAME'
+    value: aiSearchIndexName
+  }
+  {
+    name: 'AZURE_AI_EMBED_DIMENSIONS'
+    value: embeddingDeploymentDimensions
+  }
   {
     name: 'RUNNING_IN_PRODUCTION'
     value: 'true'
   }
+  {
+    name: 'AZURE_AI_SEARCH_CONNECTION_NAME'
+    value: searchConnectionName
+  }
+  {
+    name: 'AZURE_AI_SEARCH_ENDPOINT'
+    value: searchServiceEndpoint
+  }
 ]
 
 module app 'core/host/container-app-upsert.bicep' = {

infra/core/ai/hub-dependencies.bicep

@@ -142,6 +142,8 @@ module searchService '../search/search-services.bicep' =
       location: location
       tags: tags
       name: searchServiceName
+      semanticSearch: 'free'
+      authOptions: { aadOrApiKey: { aadAuthFailureMode: 'http401WithBearerChallenge'}}
     }
   }
 

infra/main.bicep

@@ -62,6 +62,8 @@ param keyVaultName string = ''
 param searchServiceName string = ''
 @description('The Azure Search connection name. If ommited will use a default value')
 param searchConnectionName string = ''
+@description('The search index name')
+param aiSearchIndexName string = ''
 @description('The Azure Storage Account resource name. If ommited will be generated')
 param storageAccountName string = ''
 @description('The log analytics workspace name. If ommited will be generated')
@@ -103,7 +105,9 @@ param embedModelFormat string
 @description('Name of the embedding model to deploy')
 param embedModelName string
 @description('Name of the embedding model deployment')
-param embedDeploymentName string
+param embeddingDeploymentName string
+@description('Embedding model dimensionality')
+param embeddingDeploymentDimensions string
 
 @description('Version of the embedding model to deploy')
 // See version availability in this table:
@@ -121,16 +125,20 @@ param embedDeploymentCapacity int
 
 param useContainerRegistry bool = true
 param useApplicationInsights bool = true
-param useSearch bool = false
+@description('Do we want to use the Azure AI Search')
+param useSearchService bool = false
+
+@description('Random seed to be used during generation of new resources suffixes.')
+param seed string = newGuid()
 
 var abbrs = loadJsonContent('./abbreviations.json')
-var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
+var resourceToken = toLower(uniqueString(subscription().id, environmentName, location, seed))
 var projectName = !empty(aiProjectName) ? aiProjectName : 'ai-project-${resourceToken}'
 var tags = { 'azd-env-name': environmentName }
 
 var agentID = !empty(aiAgentID) ? aiAgentID : ''
 
-var aiDeployments = [
+var aiChatModel = [
   {
     name: agentDeploymentName
     model: {
@@ -143,8 +151,10 @@ var aiDeployments = [
       capacity: agentDeploymentCapacity
     }
   }
+]
+var aiEmbeddingModel = [ 
   {
-    name: embedDeploymentName
+    name: embeddingDeploymentName
     model: {
       format: embedModelFormat
       name: embedModelName
@@ -157,6 +167,10 @@ var aiDeployments = [
   }
 ]
 
+var aiDeployments = concat(
+  aiChatModel,
+  useSearchService ? aiEmbeddingModel : [])
+
 //for container and app api
 param apiAppExists bool = false
 
@@ -173,6 +187,10 @@ var logAnalyticsWorkspaceResolvedName = !useApplicationInsights
       ? logAnalyticsWorkspaceName
       : '${abbrs.operationalInsightsWorkspaces}${resourceToken}'
 
+var resolvedSearchServiceName = !useSearchService
+  ? ''
+  : !empty(searchServiceName) ? searchServiceName : '${abbrs.searchSearchServices}${resourceToken}'
+
 var containerRegistryResolvedName = !useContainerRegistry
   ? ''
   : !empty(containerRegistryName) ? containerRegistryName : '${abbrs.containerRegistryRegistries}${resourceToken}'
@@ -197,15 +215,17 @@ module ai 'core/host/ai-environment.bicep' = if (empty(aiExistingProjectConnecti
       ? ''
       : !empty(applicationInsightsName) ? applicationInsightsName : '${abbrs.insightsComponents}${resourceToken}'
     containerRegistryName: containerRegistryResolvedName
-    searchServiceName: !useSearch
-      ? ''
-      : !empty(searchServiceName) ? searchServiceName : '${abbrs.searchSearchServices}${resourceToken}'
-    searchConnectionName: !useSearch
+    searchServiceName: resolvedSearchServiceName
+    searchConnectionName: !useSearchService
       ? ''
       : !empty(searchConnectionName) ? searchConnectionName : 'search-service-connection'
   }
 }
 
+var searchServiceEndpoint = !useSearchService
+  ? ''
+  : ai.outputs.searchServiceEndpoint
+
 // If bringing an existing AI project, set up the log analytics workspace here
 module logAnalytics 'core/monitor/loganalytics.bicep' = if (!empty(aiExistingProjectConnectionString)) {
   name: 'logAnalytics'
@@ -222,6 +242,75 @@ var projectConnectionString = empty(hostName)
   ? aiExistingProjectConnectionString
   : '${hostName};${subscription().subscriptionId};${rg.name};${projectName}'
 
+var resolvedApplicationInsightsName = !useApplicationInsights || !empty(aiExistingProjectConnectionString)
+  ? ''
+  : !empty(applicationInsightsName) ? applicationInsightsName : '${abbrs.insightsComponents}${resourceToken}'
+
+module monitoringMetricsContribuitorRoleAzureAIDeveloperRG 'core/security/appinsights-access.bicep' = if (!empty(resolvedApplicationInsightsName)) {
+  name: 'monitoringmetricscontributor-role-azureai-developer-rg'
+  scope: rg
+  params: {
+    appInsightsName: resolvedApplicationInsightsName
+    principalId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
+  }
+}
+
+resource existingProjectRG 'Microsoft.Resources/resourceGroups@2021-04-01' existing = if (!empty(aiExistingProjectConnectionString)) {
+  name: split(aiExistingProjectConnectionString, ';')[2]
+}
+
+module userRoleAzureAIDeveloperBackendExistingProjectRG 'core/security/role.bicep' = if (!empty(aiExistingProjectConnectionString)) {
+  name: 'backend-role-azureai-developer-existing-project-rg'
+  scope: existingProjectRG
+  params: {
+    principalId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
+    roleDefinitionId: '64702f94-c441-49e6-a78b-ef80e0188fee'
+  }
+}
+
+//Container apps host and api
+// Container apps host (including container registry)
+module containerApps 'core/host/container-apps.bicep' = {
+  name: 'container-apps'
+  scope: rg
+  params: {
+    name: 'app'
+    location: location
+    tags: tags
+    containerAppsEnvironmentName: 'containerapps-env-${resourceToken}'
+    containerRegistryName: empty(aiExistingProjectConnectionString)
+      ? ai.outputs.containerRegistryName
+      : containerRegistryResolvedName
+    logAnalyticsWorkspaceName: empty(aiExistingProjectConnectionString)
+      ? ai.outputs.logAnalyticsWorkspaceName
+      : logAnalytics.outputs.name
+  }
+}
+
+// API app
+module api 'api.bicep' = {
+  name: 'api'
+  scope: rg
+  params: {
+    name: 'ca-api-${resourceToken}'
+    location: location
+    tags: tags
+    identityName: '${abbrs.managedIdentityUserAssignedIdentities}api-${resourceToken}'
+    containerAppsEnvironmentName: containerApps.outputs.environmentName
+    containerRegistryName: containerApps.outputs.registryName
+    projectConnectionString: projectConnectionString
+    agentDeploymentName: agentDeploymentName
+    searchConnectionName: searchConnectionName
+    aiSearchIndexName: aiSearchIndexName
+    searchServiceEndpoint: searchServiceEndpoint
+    embeddingDeploymentName: embeddingDeploymentName
+    embeddingDeploymentDimensions: embeddingDeploymentDimensions
+    agentName: agentName
+    agentID: agentID
+    exists: apiAppExists
+  }
+}
+
 module userAcrRolePush 'core/security/role.bicep' = if (!empty(principalId)) {
   name: 'user-role-acr-push'
   scope: rg
@@ -267,76 +356,66 @@ module userRoleAzureAIDeveloper 'core/security/role.bicep' = if (!empty(principa
   }
 }
 
-module backendRoleAzureAIDeveloperRG 'core/security/role.bicep' = {
-  name: 'backend-role-azureai-developer-rg'
+module backendRoleSearchIndexDataContributorRG 'core/security/role.bicep' = if (useSearchService) {
+  name: 'backend-role-azure-index-data-contributor-rg'
   scope: rg
   params: {
     principalId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
-    roleDefinitionId: '64702f94-c441-49e6-a78b-ef80e0188fee'
+    roleDefinitionId: '8ebe5a00-799e-43f5-93ac-243d3dce84a7'
   }
 }
 
-var resolvedApplicationInsightsName = !useApplicationInsights || !empty(aiExistingProjectConnectionString)
-  ? ''
-  : !empty(applicationInsightsName) ? applicationInsightsName : '${abbrs.insightsComponents}${resourceToken}'
+module backendRoleSearchIndexDataReaderRG 'core/security/role.bicep' = if (useSearchService) {
+  name: 'backend-role-azure-index-data-reader-rg'
+  scope: rg
+  params: {
+    principalId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
+    roleDefinitionId: '1407120a-92aa-4202-b7e9-c0e197c71c8f'
+  }
+}
 
-module monitoringMetricsContribuitorRoleAzureAIDeveloperRG 'core/security/appinsights-access.bicep' = if (!empty(resolvedApplicationInsightsName)) {
-  name: 'monitoringmetricscontributor-role-azureai-developer-rg'
+module backendRoleSearchServiceContributorRG 'core/security/role.bicep' = if (useSearchService) {
+  name: 'backend-role-azure-search-service-contributor-rg'
   scope: rg
   params: {
-    appInsightsName: resolvedApplicationInsightsName
     principalId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
+    roleDefinitionId: '7ca78c08-252a-4471-8644-bb5ff32d4ba0'
   }
 }
 
-resource existingProjectRG 'Microsoft.Resources/resourceGroups@2021-04-01' existing = if (!empty(aiExistingProjectConnectionString)) {
-  name: split(aiExistingProjectConnectionString, ';')[2]
+module userRoleSearchIndexDataContributorRG 'core/security/role.bicep' = if (useSearchService && !empty(principalId)) {
+  name: 'user-role-azure-index-data-contributor-rg'
+  scope: rg
+  params: {
+    principalId: principalId
+    roleDefinitionId: '8ebe5a00-799e-43f5-93ac-243d3dce84a7'
+  }
 }
 
-module userRoleAzureAIDeveloperBackendExistingProjectRG 'core/security/role.bicep' = if (!empty(aiExistingProjectConnectionString)) {
-  name: 'backend-role-azureai-developer-existing-project-rg'
-  scope: existingProjectRG
+module userRoleSearchIndexDataReaderRG 'core/security/role.bicep' = if (useSearchService && !empty(principalId)) {
+  name: 'user-role-azure-index-data-reader-rg'
+  scope: rg
   params: {
-    principalId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
-    roleDefinitionId: '64702f94-c441-49e6-a78b-ef80e0188fee'
+    principalId: principalId
+    roleDefinitionId: '1407120a-92aa-4202-b7e9-c0e197c71c8f'
   }
 }
 
-//Container apps host and api
-// Container apps host (including container registry)
-module containerApps 'core/host/container-apps.bicep' = {
-  name: 'container-apps'
+module userRoleSearchServiceContributorRG 'core/security/role.bicep' = if (useSearchService && !empty(principalId)) {
+  name: 'user-role-azure-search-service-contributor-rg'
   scope: rg
   params: {
-    name: 'app'
-    location: location
-    tags: tags
-    containerAppsEnvironmentName: 'containerapps-env-${resourceToken}'
-    containerRegistryName: empty(aiExistingProjectConnectionString)
-      ? ai.outputs.containerRegistryName
-      : containerRegistryResolvedName
-    logAnalyticsWorkspaceName: empty(aiExistingProjectConnectionString)
-      ? ai.outputs.logAnalyticsWorkspaceName
-      : logAnalytics.outputs.name
+    principalId: principalId
+    roleDefinitionId: '7ca78c08-252a-4471-8644-bb5ff32d4ba0'
   }
 }
 
-// API app
-module api 'api.bicep' = {
-  name: 'api'
+module backendRoleAzureAIDeveloperRG 'core/security/role.bicep' = {
+  name: 'backend-role-azureai-developer-rg'
   scope: rg
   params: {
-    name: 'ca-api-${resourceToken}'
-    location: location
-    tags: tags
-    identityName: '${abbrs.managedIdentityUserAssignedIdentities}api-${resourceToken}'
-    containerAppsEnvironmentName: containerApps.outputs.environmentName
-    containerRegistryName: containerApps.outputs.registryName
-    projectConnectionString: projectConnectionString
-    agentDeploymentName: agentDeploymentName
-    agentName: agentName
-    agentID: agentID
-    exists: apiAppExists
+    principalId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
+    roleDefinitionId: '64702f94-c441-49e6-a78b-ef80e0188fee'
   }
 }
 
@@ -346,6 +425,11 @@ output AZURE_RESOURCE_GROUP string = rg.name
 output AZURE_TENANT_ID string = tenant().tenantId
 output AZURE_AIPROJECT_CONNECTION_STRING string = projectConnectionString
 output AZURE_AI_AGENT_DEPLOYMENT_NAME string = agentDeploymentName
+output AZURE_AI_SEARCH_CONNECTION_NAME string = searchConnectionName
+output AZURE_AI_EMBED_DEPLOYMENT_NAME string = embeddingDeploymentName
+output AZURE_AI_SEARCH_INDEX_NAME string = aiSearchIndexName
+output AZURE_AI_SEARCH_ENDPOINT string = searchServiceEndpoint
+output AZURE_AI_EMBED_DIMENSIONS string = embeddingDeploymentDimensions
 output AZURE_AI_AGENT_NAME string = agentName
 output AZURE_AI_AGENT_ID string = agentID