code cleanup and removal of unnecessary variables

Author: jgbradley1

infra/core/scripts/deployment-script.bicep

@@ -1,85 +1,65 @@
-param name string
 param utcValue string
 param location string
-param subscriptionId string
-param tenantid string
 
-param azure_acr_login_server string
-
-param azure_location string
-
-param azure_aks_name string
-param azure_aks_controlplanefqdn string
-param azure_aks_managed_rg string
-param azure_aks_service_account_name string
-
-param azure_apim_gateway_url string
-param azure_apim_name string
-
-param managed_identity_aks string
+param acr_login_server string
 
+param ai_search_audience string = 'https://search.azure.com'
 param ai_search_name string
-
+param ai_search_endpoint_suffix string = 'search.windows.net'
+
+param aks_name string
+param aks_service_account_name string
+param aks_managed_identity string
+
+param aoai_endpoint string
+param aoai_llm_model string
+param aoai_llm_model_deployment_name string
+param aoai_llm_model_api_version string
+param aoai_embedding_model string
+param aoai_embedding_model_deployment_name string
+param aoai_embedding_model_api_version string
+
+param app_hostname string
+param app_insights_connection_string string
+param cosmosdb_endpoint string
 param image_name string
 param image_version string
 param script_file string
-
-param azure_aoai_endpoint string
-param azure_aoai_llm_model string
-param azure_aoai_llm_model_deployment_name string
-param azure_aoai_llm_model_api_version string
-param azure_aoai_embedding_model string
-param azure_aoai_embedding_model_deployment_name string
-param azure_aoai_embedding_model_api_version string
-
-param azure_app_hostname string
-param azure_app_url string
-param azure_app_insights_connection_string string
-
-param azure_cosmosdb_endpoint string
-param azure_cosmosdb_name string
-param azure_cosmosdb_id string
-param azure_dns_zone_name string
-
-param azure_storage_account string
-param azure_storage_account_blob_url string
-
-param azure_workload_identity_client_id string
-param azure_workload_identity_principal_id string
-param azure_workload_identity_name string
-
+param storage_account_blob_url string
+param workload_identity_client_id string
 param cognitive_services_audience string = 'https://cognitiveservices.azure.com/default'
 
 param public_storage_account_name string
+@secure()
 param public_storage_account_key string
 
 var clusterAdminRoleDefinitionId = resourceId(
   'Microsoft.Authorization/roleDefinitions',
-  '0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8'
+  'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b' // 'Azure Kubernetes Service RBAC Cluster Admin' role
 )
 
 // Resources
 resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-09-02-preview' existing = {
-  name: azure_aks_name
+  name: aks_name
 }
 
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  name: uniqueString(resourceGroup().id)
+  name: 'deployment-script-id-${uniqueString(resourceGroup().id)}'
   location: location
 }
 
-resource clusterAdminContributorRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(managed_identity_aks, aksCluster.id, clusterAdminRoleDefinitionId)
+resource clusterAdminRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(managedIdentity.id, aksCluster.id, clusterAdminRoleDefinitionId)
   scope: aksCluster
   properties: {
-    roleDefinitionId: clusterAdminRoleDefinitionId
     principalId: managedIdentity.properties.principalId
     principalType: 'ServicePrincipal'
+    roleDefinitionId: clusterAdminRoleDefinitionId
   }
 }
 
 resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
-  name: name
+  name: 'deployment-script-deployment'
   location: location
   kind: 'AzureCLI'
   identity: {
@@ -98,48 +78,53 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
     timeout: 'PT1H'
     environmentVariables: [
       {
-        name: 'AZURE_SUBSCRIPTION_ID'
-        value: subscriptionId
+        name: 'ACR_SERVER'
+        value: acr_login_server
       }
+      { name: 'AI_SEARCH_AUDIENCE', value: ai_search_audience }
+      { name: 'AI_SEARCH_ENDPOINT_SUFFIX', value: ai_search_endpoint_suffix }
       {
-        name: 'AZURE_TENANT_ID'
-        value: tenantid
+        name: 'AI_SEARCH_NAME'
+        value: ai_search_name
       }
       {
-        name: 'ACR_SERVER'
-        value: azure_acr_login_server
+        name: 'AKS_NAME'
+        value: aks_name
       }
       {
-        name: 'AZURE_LOCATION'
-        value: azure_location
+        name: 'AKS_SERVICE_ACCOUNT_NAME'
+        value: aks_service_account_name
       }
       {
-        name: 'AZURE_AKS_NAME'
-        value: azure_aks_name
+        name: 'AOAI_LLM_MODEL'
+        value: aoai_llm_model
       }
       {
-        name: 'AZURE_AKS_CONTROLPLANEFQDN'
-        value: azure_aks_controlplanefqdn
+        name: 'AOAI_LLM_MODEL_DEPLOYMENT_NAME'
+        value: aoai_llm_model_deployment_name
       }
       {
-        name: 'AZURE_AKS_MANAGED_RG'
-        value: azure_aks_managed_rg
+        name: 'AOAI_LLM_MODEL_API_VERSION'
+        value: aoai_llm_model_api_version
       }
       {
-        name: 'AZURE_AKS_SERVICE_ACCOUNT_NAME'
-        value: azure_aks_service_account_name
+        name: 'AOAI_EMBEDDING_MODEL'
+        value: aoai_embedding_model
       }
       {
-        name: 'AZURE_APIM_GATEWAY_URL'
-        value: azure_apim_gateway_url
+        name: 'AOAI_EMBEDDING_MODEL_DEPLOYMENT_NAME'
+        value: aoai_embedding_model_deployment_name
       }
+      { name: 'AOAI_EMBEDDING_MODEL_API_VERSION', value: aoai_embedding_model_api_version }
+      { name: 'APP_HOSTNAME', value: app_hostname }
+      { name: 'APP_INSIGHTS_CONNECTION_STRING', value: app_insights_connection_string }
       {
-        name: 'AZURE_APIM_NAME'
-        value: azure_apim_name
+        name: 'COGNITIVE_SERVICES_AUDIENCE'
+        value: cognitive_services_audience
       }
       {
-        name: 'MANAGED_IDENTITY_AKS'
-        value: managed_identity_aks
+        name: 'COSMOSDB_ENDPOINT'
+        value: cosmosdb_endpoint
       }
       {
         name: 'IMAGE_NAME'
@@ -150,71 +135,21 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
         value: image_version
       }
       {
-        name: 'AI_SEARCH_NAME'
-        value: ai_search_name
-      }
-
-      {
-        name: 'AZURE_AOAI_LLM_MODEL'
-        value: azure_aoai_llm_model
-      }
-      {
-        name: 'AZURE_AOAI_LLM_MODEL_DEPLOYMENT_NAME'
-        value: azure_aoai_llm_model_deployment_name
-      }
-      {
-        name: 'AZURE_AOAI_LLM_MODEL_API_VERSION'
-        value: azure_aoai_llm_model_api_version
-      }
-      {
-        name: 'AZURE_AOAI_EMBEDDING_MODEL'
-        value: azure_aoai_embedding_model
-      }
-      {
-        name: 'AZURE_AOAI_EMBEDDING_MODEL_DEPLOYMENT_NAME'
-        value: azure_aoai_embedding_model_deployment_name
+        name: 'OPENAI_ENDPOINT'
+        value: aoai_endpoint
       }
-      { name: 'AZURE_AOAI_EMBEDDING_MODEL_API_VERSION', value: azure_aoai_embedding_model_api_version }
-      { name: 'AZURE_APP_HOSTNAME', value: azure_app_hostname }
-      { name: 'AZURE_APP_URL', value: azure_app_url }
-      { name: 'AZURE_APP_INSIGHTS_CONNECTION_STRING', value: azure_app_insights_connection_string }
       {
-        name: 'AZURE_COSMOSDB_ENDPOINT'
-        value: azure_cosmosdb_endpoint
-      }
-      { name: 'AZURE_COSMOSDB_NAME', value: azure_cosmosdb_name }
-      { name: 'AZURE_COSMOSDB_ID', value: azure_cosmosdb_id }
-      { name: 'AZURE_DNS_ZONE_NAME', value: azure_dns_zone_name }
-      { name: 'AZURE_STORAGE_ACCOUNT', value: azure_storage_account }
-      { name: 'AZURE_STORAGE_ACCOUNT_BLOB_URL', value: azure_storage_account_blob_url }
-      {
-        name: 'AZURE_WORKLOAD_IDENTITY_CLIENT_ID'
-        value: azure_workload_identity_client_id
-      }
-      {
-        name: 'AZURE_WORKLOAD_IDENTITY_PRINCIPAL_ID'
-        value: azure_workload_identity_principal_id
-      }
-      {
-        name: 'AZURE_WORKLOAD_IDENTITY_NAME'
-        value: azure_workload_identity_name
-      }
-      {
-        name: 'COGNITIVE_SERVICES_AUDIENCE'
-        value: cognitive_services_audience
-      }
-      {
-        name: 'AZURE_OPENAI_ENDPOINT'
-        value: azure_aoai_endpoint
+        name: 'RESOURCE_GROUP'
+        value: resourceGroup().name
       }
+      { name: 'STORAGE_ACCOUNT_BLOB_URL', value: storage_account_blob_url }
       {
-        name: 'AZURE_RESOURCE_GROUP'
-        value: resourceGroup().name
+        name: 'WORKLOAD_IDENTITY_CLIENT_ID'
+        value: workload_identity_client_id
       }
     ]
     cleanupPreference: 'OnSuccess'
     retentionInterval: 'P1D'
-    //primaryScriptUri: primaryScriptUri
     scriptContent: script_file
   }
   dependsOn: [

infra/deploy.sh

@@ -567,14 +567,14 @@ installGraphRAGHelmChart () {
         --set "graphragConfig.AI_SEARCH_URL=https://$aiSearchName.$AISEARCH_ENDPOINT_SUFFIX" \
         --set "graphragConfig.AI_SEARCH_AUDIENCE=$AI_SEARCH_AUDIENCE" \
         --set "graphragConfig.APPLICATIONINSIGHTS_CONNECTION_STRING=$appInsightsConnectionString" \
+        --set "graphragConfig.COGNITIVE_SERVICES_AUDIENCE=$COGNITIVE_SERVICES_AUDIENCE" \
         --set "graphragConfig.COSMOS_URI_ENDPOINT=$cosmosEndpoint" \
         --set "graphragConfig.GRAPHRAG_API_BASE=$graphragApiBase" \
         --set "graphragConfig.GRAPHRAG_API_VERSION=$graphragApiVersion" \
         --set "graphragConfig.GRAPHRAG_LLM_MODEL=$graphragLlmModel" \
         --set "graphragConfig.GRAPHRAG_LLM_DEPLOYMENT_NAME=$graphragLlmModelDeployment" \
         --set "graphragConfig.GRAPHRAG_EMBEDDING_MODEL=$graphragEmbeddingModel" \
         --set "graphragConfig.GRAPHRAG_EMBEDDING_DEPLOYMENT_NAME=$graphragEmbeddingModelDeployment" \
-        --set "graphragConfig.COGNITIVE_SERVICES_AUDIENCE=$COGNITIVE_SERVICES_AUDIENCE" \
         --set "graphragConfig.STORAGE_ACCOUNT_BLOB_URL=$storageAccountBlobUrl"
 
     local helmResult

infra/main.bicep

@@ -408,47 +408,32 @@ module privateLinkScopePrivateEndpoint 'core/vnet/private-endpoint.bicep' = if (
 
 // the following deploymentScript module will only be deployed when performing a managed app deployment
 module deploymentScript 'core/scripts/deployment-script.bicep' = if (!empty(publicStorageAccountName) && !empty(publicStorageAccountKey)) {
-  name: utcString
+  name: 'deploy-script-deployment-${utcString}'
   params: {
-    name: 'graphragscript'
     location: location
-    tenantid: tenant().tenantId
-    subscriptionId: subscription().id
     script_file: loadTextContent('managed-app/artifacts/scripts/updategraphrag.sh')
     public_storage_account_name: publicStorageAccountName
     public_storage_account_key: publicStorageAccountKey
-    utcValue: utcString
+    acr_login_server: deployAcr ? acr.outputs.loginServer : existingAcrLoginServer
     ai_search_name: aiSearch.name
-    azure_location: location
-    azure_acr_login_server: deployAcr ? acr.outputs.loginServer : existingAcrLoginServer
-    azure_aks_name: aks.outputs.name
-    azure_aks_controlplanefqdn: aks.outputs.controlPlaneFqdn
-    azure_aks_managed_rg: aks.outputs.managedResourceGroup
-    azure_aks_service_account_name: aksServiceAccountName
-    azure_aoai_endpoint: aoai.outputs.endpoint
-    azure_aoai_llm_model: aoai.outputs.llmModel
-    azure_aoai_llm_model_deployment_name: aoai.outputs.llmModelDeploymentName
-    azure_aoai_llm_model_api_version: aoai.outputs.llmModelApiVersion
-    azure_aoai_embedding_model: aoai.outputs.embeddingModel
-    azure_aoai_embedding_model_deployment_name: aoai.outputs.embeddingModelDeploymentName
-    azure_aoai_embedding_model_api_version: aoai.outputs.embeddingModelApiVersion
-    azure_apim_gateway_url: apim.outputs.apimGatewayUrl
-    azure_apim_name: apim.outputs.name
-    azure_app_hostname: appHostname
-    azure_app_url: appUrl
-    azure_app_insights_connection_string: appInsights.outputs.connectionString
-    azure_cosmosdb_endpoint: cosmosdb.outputs.endpoint
-    azure_cosmosdb_name: cosmosdb.outputs.name
-    azure_cosmosdb_id: cosmosdb.outputs.id
-    azure_dns_zone_name: privateDnsZone.outputs.name
-    azure_storage_account: storage.outputs.name
-    azure_storage_account_blob_url: storage.outputs.primaryEndpoints.blob
-    azure_workload_identity_client_id: workloadIdentity.outputs.clientId
-    azure_workload_identity_principal_id: workloadIdentity.outputs.principalId
-    azure_workload_identity_name: workloadIdentity.outputs.name
+    aks_name: aks.outputs.name
+    aks_service_account_name: aksServiceAccountName
+    aoai_endpoint: aoai.outputs.endpoint
+    aoai_llm_model: aoai.outputs.llmModel
+    aoai_llm_model_deployment_name: aoai.outputs.llmModelDeploymentName
+    aoai_llm_model_api_version: aoai.outputs.llmModelApiVersion
+    aoai_embedding_model: aoai.outputs.embeddingModel
+    aoai_embedding_model_deployment_name: aoai.outputs.embeddingModelDeploymentName
+    aoai_embedding_model_api_version: aoai.outputs.embeddingModelApiVersion
+    app_hostname: appHostname
+    app_insights_connection_string: appInsights.outputs.connectionString
+    cosmosdb_endpoint: cosmosdb.outputs.endpoint
     image_name: graphragImageName
     image_version: graphragImageVersion
-    managed_identity_aks: aks.outputs.systemIdentity
+    aks_managed_identity: aks.outputs.systemIdentity
+    storage_account_blob_url: storage.outputs.primaryEndpoints.blob
+    utcValue: utcString
+    workload_identity_client_id: workloadIdentity.outputs.clientId
   }
 }