azure.yaml
# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
# Azure Developer CLI (azd) project definition.
name: fabric-keyvault-openai-secrets

# Template identity and the human-readable description of what it deploys.
metadata:
  template: fabric-keyvault-openai-secrets@0.0.1-beta
  summary: Deploy Azure KeyVault and OpenAI for Microsoft Fabric Workspace Identity
  description: |
    This template deploys an Azure KeyVault configured for Microsoft Fabric Workspace Identity access,
    along with an Azure OpenAI account. The OpenAI endpoint and API key are automatically stored
    as secrets in the KeyVault for secure access from Fabric notebooks.

# Main infrastructure deployment: Bicep templates read from ./infra.
infra:
  provider: bicep
  path: ./infra

# No services (this is infrastructure-only), so the mapping is explicitly empty.
services: {}
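# Lifecycle hooks run by azd around provisioning. Each hook has a PowerShell
# variant (windows) and an sh variant (posix) that perform the same steps.
hooks:
  # preprovision stores three values in the azd environment:
  #   AZURE_USER_UPN                    - signed-in user's UPN (used for tagging)
  #   AZURE_PRINCIPAL_ID                - signed-in user's object ID
  #   AZURE_FABRIC_WORKSPACE_OBJECT_ID  - object ID of the service principal
  #                                       whose display name is the workspace name
  # Any failed lookup aborts the run (continueOnError: false).
  # NOTE(review): the workspace object ID is presumably what ./infra grants
  # Key Vault access to - confirm there. That is why the lookup below refuses
  # to choose when more than one service principal matches the name.
  preprovision:
    windows:
      shell: pwsh
      run: |
        Write-Host "Setting user UPN for tagging..."
        $userUpn = az account show --query user.name -o tsv
        if ([string]::IsNullOrWhiteSpace($userUpn) -or $userUpn -eq "null") {
          throw "⚠️ Could not retrieve user UPN. Please ensure you are logged in to Azure CLI."
        }
        azd env set AZURE_USER_UPN "$userUpn"
        Write-Host "Set AZURE_USER_UPN to: $userUpn"

        Write-Host "Setting user principal ID for access policies..."
        $principalId = az ad signed-in-user show --query id -o tsv
        if ([string]::IsNullOrWhiteSpace($principalId) -or $principalId -eq "null") {
          throw "⚠️ Could not retrieve user principal ID. Please ensure you are logged in to Azure CLI with appropriate permissions."
        }
        azd env set AZURE_PRINCIPAL_ID "$principalId"
        Write-Host "Set AZURE_PRINCIPAL_ID to: $principalId"

        Write-Host ""
        Write-Host "Fabric Workspace Setup:"
        # Reuse a workspace name already stored in the environment; prompt otherwise
        $existingWorkspaceName = azd env get-value AZURE_FABRIC_WORKSPACE_NAME 2>$null
        if (![string]::IsNullOrWhiteSpace($existingWorkspaceName)) {
          Write-Host "Using existing workspace name: $existingWorkspaceName" -ForegroundColor Green
          $workspaceName = $existingWorkspaceName
        } else {
          $workspaceName = Read-Host "Enter Fabric workspace name"
          if (![string]::IsNullOrWhiteSpace($workspaceName)) {
            azd env set AZURE_FABRIC_WORKSPACE_NAME "$workspaceName"
          }
        }

        if ([string]::IsNullOrWhiteSpace($workspaceName)) {
          throw "⚠️ Missing Fabric workspace name. Cannot complete deployment."
        }

        Write-Host "Looking up Enterprise Application for workspace: $workspaceName"
        # Display names are not unique in a directory (and the CLI filter may
        # match by prefix - confirm), so collect every match instead of
        # taking the first one.
        $objectIds = @(az ad sp list --display-name "$workspaceName" --query "[].id" -o tsv |
          Where-Object { ![string]::IsNullOrWhiteSpace($_) -and $_ -ne "null" })
        if ($objectIds.Count -gt 1) {
          throw "⚠️ Found $($objectIds.Count) Enterprise Applications matching workspace: $workspaceName. Refusing to pick one automatically."
        }
        if ($objectIds.Count -eq 0) {
          throw "⚠️ Could not find Enterprise Application for workspace: $workspaceName"
        }
        $objectId = $objectIds[0]
        azd env set AZURE_FABRIC_WORKSPACE_OBJECT_ID "$objectId"
        Write-Host "✓ Found and set AZURE_FABRIC_WORKSPACE_OBJECT_ID to: $objectId"
      interactive: true
      continueOnError: false
    posix:
      shell: sh
      run: |
        echo "Setting user UPN for tagging..."
        userUpn=$(az account show --query user.name -o tsv)
        if [ -z "$userUpn" ] || [ "$userUpn" = "null" ]; then
          echo "⚠️ Could not retrieve user UPN. Please ensure you are logged in to Azure CLI." >&2
          exit 1
        fi
        azd env set AZURE_USER_UPN "$userUpn"
        echo "Set AZURE_USER_UPN to: $userUpn"

        echo "Setting user principal ID for access policies..."
        principalId=$(az ad signed-in-user show --query id -o tsv)
        if [ -z "$principalId" ] || [ "$principalId" = "null" ]; then
          echo "⚠️ Could not retrieve user principal ID. Please ensure you are logged in to Azure CLI with appropriate permissions." >&2
          exit 1
        fi
        azd env set AZURE_PRINCIPAL_ID "$principalId"
        echo "Set AZURE_PRINCIPAL_ID to: $principalId"

        echo ""
        echo "Fabric Workspace Setup:"
        # Reuse a workspace name already stored in the environment; prompt otherwise
        existingWorkspaceName=$(azd env get-value AZURE_FABRIC_WORKSPACE_NAME 2>/dev/null || echo "")
        if [ -n "$existingWorkspaceName" ]; then
          echo "Using existing workspace name: $existingWorkspaceName"
          workspaceName="$existingWorkspaceName"
        else
          # `read -p` is not POSIX and fails on shells such as dash, which
          # left the name empty; print the prompt separately instead.
          printf 'Enter Fabric workspace name: '
          read -r workspaceName
          if [ -n "$workspaceName" ]; then
            azd env set AZURE_FABRIC_WORKSPACE_NAME "$workspaceName"
          fi
        fi

        if [ -z "$workspaceName" ]; then
          echo "⚠️ Missing Fabric workspace name. Cannot complete deployment." >&2
          exit 1
        fi

        echo "Looking up Enterprise Application for workspace: $workspaceName"
        # Display names are not unique in a directory (and the CLI filter may
        # match by prefix - confirm), so collect every match instead of
        # taking the first one.
        objectIds=$(az ad sp list --display-name "$workspaceName" --query "[].id" -o tsv)
        matchCount=$(printf '%s\n' "$objectIds" | grep -c .)
        if [ "$matchCount" -gt 1 ]; then
          echo "⚠️ Found $matchCount Enterprise Applications matching workspace: $workspaceName. Refusing to pick one automatically." >&2
          exit 1
        fi
        objectId="$objectIds"
        if [ -n "$objectId" ] && [ "$objectId" != "null" ]; then
          azd env set AZURE_FABRIC_WORKSPACE_OBJECT_ID "$objectId"
          echo "✓ Found and set AZURE_FABRIC_WORKSPACE_OBJECT_ID to: $objectId"
        else
          echo "⚠️ Could not find Enterprise Application for workspace: $workspaceName" >&2
          exit 1
        fi
      interactive: true
      continueOnError: false
  # postprovision prints selected deployment outputs read from the azd
  # environment.
  # NOTE(review): KEYVAULT_OPENAI_API_KEY is presumably a Key Vault secret
  # name or reference rather than the API key itself - confirm against the
  # outputs declared in ./infra. A raw key echoed here would end up in
  # terminal scrollback and in any captured deployment log.
  postprovision:
    windows:
      shell: pwsh
      run: |
        Write-Host ""
        Write-Host "Key Deployment Outputs:" -ForegroundColor Green
        Write-Host "======================" -ForegroundColor Green
        # Parse NAME="value" lines into a hashtable; lines of any other shape
        # (including empty values) are skipped
        $envOutput = azd env get-values
        $envValues = @{}
        $envOutput | ForEach-Object {
          if ($_ -match '^(.+?)="(.+)"$') {
            $envValues[$matches[1]] = $matches[2]
          }
        }
        Write-Host "KEYVAULT_URI=" -NoNewline -ForegroundColor Cyan
        Write-Host "`"$($envValues["KEYVAULT_URI"])`"" -ForegroundColor White
        Write-Host "KEYVAULT_OPENAI_ENDPOINT=" -NoNewline -ForegroundColor Cyan
        Write-Host "`"$($envValues["KEYVAULT_OPENAI_ENDPOINT"])`"" -ForegroundColor White
        Write-Host "KEYVAULT_OPENAI_API_KEY=" -NoNewline -ForegroundColor Cyan
        Write-Host "`"$($envValues["KEYVAULT_OPENAI_API_KEY"])`"" -ForegroundColor White
        Write-Host "OPENAI_GPT_MODEL=" -NoNewline -ForegroundColor Cyan
        Write-Host "`"$($envValues["OPENAI_GPT_MODEL"])`"" -ForegroundColor White
        Write-Host "OPENAI_EMBEDDING_MODEL=" -NoNewline -ForegroundColor Cyan
        Write-Host "`"$($envValues["OPENAI_EMBEDDING_MODEL"])`"" -ForegroundColor White
      interactive: true
      continueOnError: false
    posix:
      shell: sh
      run: |
        echo ""
        echo "🚀 Deployment Complete! Key Output Values:"
        echo "=========================================="
        envValues=$(azd env get-values)
        # Print the value of exactly one variable. The match is anchored on
        # "NAME=" so a longer name containing NAME cannot be picked up, and
        # -f2- keeps values that themselves contain '='.
        get_output() {
          printf '%s\n' "$envValues" | grep "^$1=" | cut -d'=' -f2- | tr -d '"'
        }
        keyvaultUri=$(get_output KEYVAULT_URI)
        keyvaultEndpoint=$(get_output KEYVAULT_OPENAI_ENDPOINT)
        keyvaultApiKey=$(get_output KEYVAULT_OPENAI_API_KEY)
        gptModel=$(get_output OPENAI_GPT_MODEL)
        embeddingModel=$(get_output OPENAI_EMBEDDING_MODEL)
        echo "KEYVAULT_URI=\"$keyvaultUri\""
        echo "KEYVAULT_OPENAI_ENDPOINT=\"$keyvaultEndpoint\""
        echo "KEYVAULT_OPENAI_API_KEY=\"$keyvaultApiKey\""
        echo "OPENAI_GPT_MODEL=\"$gptModel\""
        echo "OPENAI_EMBEDDING_MODEL=\"$embeddingModel\""
      interactive: true
      continueOnError: false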