
Commit 8e109eb

committed
Refactor Bicep files for improved readability and compliance with Azure policies (TLS1.2 support for SQL) and increased quota for Azure AI Foundry GPT-4o deployment to avoid time outs.
1 parent 4efa62b commit 8e109eb


2 files changed

+57
-62
lines changed


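--- a/infra/deploy_sql_db.bicep
+++ b/infra/deploy_sql_db.bicep
@@ -7,28 +7,29 @@ param keyVaultName string
 param managedIdentityObjectId string
 param managedIdentityName string
 
-var serverName = '${ solutionName }-sql-server'
-var sqlDBName = '${ solutionName }-sql-db'
+var serverName = '${solutionName }-sql-server'
+var sqlDBName = '${solutionName }-sql-db'
 var location = solutionLocation
 var administratorLogin = 'sqladmin'
 var administratorLoginPassword = 'TestPassword_1234'
 
 resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = {
 name: serverName
 location: location
-kind:'v12.0'
+kind: 'v12.0'
 properties: {
-publicNetworkAccess: 'Enabled'
-version: '12.0'
-restrictOutboundNetworkAccess: 'Disabled'
-administrators: {
-login: managedIdentityName
-sid: managedIdentityObjectId
-tenantId: subscription().tenantId
-administratorType: 'ActiveDirectory'
-azureADOnlyAuthentication: true
-}
+publicNetworkAccess: 'Enabled'
+version: '12.0'
+restrictOutboundNetworkAccess: 'Disabled'
+minimalTlsVersion: '1.2' // Enforce TLS 1.2 to comply with Azure policy
+administrators: {
+login: managedIdentityName
+sid: managedIdentityObjectId
+tenantId: subscription().tenantId
+administratorType: 'ActiveDirectory'
+azureADOnlyAuthentication: true
 }
+}
 }
 
 resource firewallRule 'Microsoft.Sql/servers/firewallRules@2023-08-01-preview' = {
@@ -59,11 +60,11 @@ resource sqlDB 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
 family: 'Gen5'
 capacity: 2
 }
-kind:'v12.0,user,vcore,serverless'
+kind: 'v12.0,user,vcore,serverless'
 properties: {
 collation: 'SQL_Latin1_General_CP1_CI_AS'
-autoPauseDelay:60
-minCapacity:1
+autoPauseDelay: 60
+minCapacity: 1
 readScale: 'Disabled'
 zoneRedundant: false
 }
@@ -77,7 +78,7 @@ resource sqldbServerEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview'
 parent: keyVault
 name: 'SQLDB-SERVER'
 properties: {
-value: '${serverName}.database.windows.net'
+value: '${serverName}${environment().suffixes.sqlServerHostname}'
 }
 }
 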
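Review bot: The hard-coded `var administratorLoginPassword = 'TestPassword_1234'` just above the `sqlServer` resource survives this policy-compliance pass, so a credential literal stays in version control. The rewritten `administrators` block sets `azureADOnlyAuthentication: true`, so if nothing outside the visible hunks consumes `administratorLogin` and `administratorLoginPassword` they can simply be deleted; otherwise supply the value at deploy time, e.g. `@secure() param administratorLoginPassword string`. The same `properties` block still carries `publicNetworkAccess: 'Enabled'` next to the new `minimalTlsVersion: '1.2'`. The `firewallRule` resource that scopes that exposure begins on the first hunk's last line and continues outside it, so its allowed address range should be checked as part of the same compliance review.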
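--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -8,10 +8,7 @@ param environmentName string
 
 @minLength(1)
 @description('Location for the Content Understanding service deployment:')
-@allowed(['swedencentral'
-'australiaeast'
-])
-
+@allowed(['swedencentral', 'australiaeast'])
 @metadata({
 azd: {
 type: 'location'
@@ -49,7 +46,7 @@ var azureOpenAIApiVersion = '2024-02-15-preview'
 @description('Capacity of the GPT deployment:')
 // You can increase this, but capacity is limited per model/region, so you will get errors if you go over
 // https://learn.microsoft.com/en-us/azure/ai-services/openai/quotas-limits
-param gptDeploymentCapacity int = 30
+param gptDeploymentCapacity int = 653
 
 @minLength(1)
 @description('Name of the Text Embedding model to deploy:')
@@ -58,7 +55,6 @@ param gptDeploymentCapacity int = 30
 ])
 param embeddingModel string = 'text-embedding-ada-002'
 
-
 @minValue(10)
 @description('Capacity of the Embedding Model deployment')
 param embeddingDeploymentCapacity int = 80
@@ -73,7 +69,6 @@ var resourceGroupLocation = resourceGroup().location
 var solutionLocation = resourceGroupLocation
 var baseUrl = 'https://raw.githubusercontent.com/microsoft/Conversation-Knowledge-Mining-Solution-Accelerator/main/'
 
-
 // ========== Managed Identity ========== //
 module managedIdentityModule 'deploy_managed_identity.bicep' = {
 name: 'deploy_managed_identity'
@@ -90,7 +85,7 @@ module kvault 'deploy_keyvault.bicep' = {
 params: {
 solutionName: solutionPrefix
 solutionLocation: resourceGroupLocation
-managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
+managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
 }
 scope: resourceGroup(resourceGroup().name)
 }
@@ -109,7 +104,7 @@ module aifoundry 'deploy_ai_foundry.bicep' = {
 gptDeploymentCapacity: gptDeploymentCapacity
 embeddingModel: embeddingModel
 embeddingDeploymentCapacity: embeddingDeploymentCapacity
-managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
+managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
 }
 scope: resourceGroup(resourceGroup().name)
 }
@@ -121,7 +116,7 @@ module storageAccount 'deploy_storage_account.bicep' = {
 solutionName: solutionPrefix
 solutionLocation: solutionLocation
 keyVaultName: kvault.outputs.keyvaultName
-managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
+managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
 }
 scope: resourceGroup(resourceGroup().name)
 }
@@ -158,23 +153,23 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
 
 //========== Deployment script to upload sample data ========== //
 module uploadFiles 'deploy_post_deployment_scripts.bicep' = {
-name : 'deploy_post_deployment_scripts'
-params:{
+name: 'deploy_post_deployment_scripts'
+params: {
 solutionName: solutionPrefix
 solutionLocation: secondaryLocation
 baseUrl: baseUrl
 storageAccountName: storageAccount.outputs.storageName
 containerName: storageAccount.outputs.storageContainer
-managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.id
-managedIdentityClientId:managedIdentityModule.outputs.managedIdentityOutput.clientId
-keyVaultName:aifoundry.outputs.keyvaultName
+managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.id
+managedIdentityClientId: managedIdentityModule.outputs.managedIdentityOutput.clientId
+keyVaultName: aifoundry.outputs.keyvaultName
 logAnalyticsWorkspaceResourceName: aifoundry.outputs.logAnalyticsWorkspaceResourceName
 sqlServerName: sqlDBModule.outputs.sqlServerName
 sqlDbName: sqlDBModule.outputs.sqlDbName
 sqlUsers: [
 {
-principalId: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId // Replace with actual Principal ID
-principalName: managedIdentityModule.outputs.managedIdentityBackendAppOutput.name // Replace with actual user email or name
+principalId: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId // Replace with actual Principal ID
+principalName: managedIdentityModule.outputs.managedIdentityBackendAppOutput.name // Replace with actual user email or name
 databaseRoles: ['db_datareader', 'db_datawriter']
 }
 ]
@@ -188,52 +183,52 @@ module hostingplan 'deploy_app_service_plan.bicep' = {
 }
 }
 
-module backend_docker 'deploy_backend_docker.bicep'= {
+module backend_docker 'deploy_backend_docker.bicep' = {
 name: 'deploy_backend_docker'
 params: {
 imageTag: imageTag
 appServicePlanId: hostingplan.outputs.name
 applicationInsightsId: aifoundry.outputs.applicationInsightsId
-azureOpenAIKey:keyVault.getSecret('AZURE-OPENAI-KEY')
-azureAiProjectConnString:keyVault.getSecret('AZURE-AI-PROJECT-CONN-STRING')
-azureSearchAdminKey:keyVault.getSecret('AZURE-SEARCH-KEY')
+azureOpenAIKey: keyVault.getSecret('AZURE-OPENAI-KEY')
+azureAiProjectConnString: keyVault.getSecret('AZURE-AI-PROJECT-CONN-STRING')
+azureSearchAdminKey: keyVault.getSecret('AZURE-SEARCH-KEY')
 solutionName: solutionPrefix
 userassignedIdentityId: managedIdentityModule.outputs.managedIdentityBackendAppOutput.id
 aiProjectName: aifoundry.outputs.aiProjectName
-appSettings:{
-AZURE_OPEN_AI_DEPLOYMENT_MODEL:gptModelName
-AZURE_OPEN_AI_ENDPOINT:aifoundry.outputs.aiServicesTarget
-AZURE_OPENAI_API_VERSION: azureOpenAIApiVersion
-AZURE_OPENAI_RESOURCE:aifoundry.outputs.aiServicesName
-USE_CHAT_HISTORY_ENABLED:'True'
-AZURE_COSMOSDB_ACCOUNT: cosmosDBModule.outputs.cosmosAccountName
-AZURE_COSMOSDB_CONVERSATIONS_CONTAINER: cosmosDBModule.outputs.cosmosContainerName
-AZURE_COSMOSDB_DATABASE: cosmosDBModule.outputs.cosmosDatabaseName
-AZURE_COSMOSDB_ENABLE_FEEDBACK:'True'
-SQLDB_DATABASE:sqlDBModule.outputs.sqlDbName
-SQLDB_SERVER: sqlDBModule.outputs.sqlServerName
-SQLDB_USERNAME: sqlDBModule.outputs.sqlDbUser
-SQLDB_USER_MID: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId
+appSettings: {
+AZURE_OPEN_AI_DEPLOYMENT_MODEL: gptModelName
+AZURE_OPEN_AI_ENDPOINT: aifoundry.outputs.aiServicesTarget
+AZURE_OPENAI_API_VERSION: azureOpenAIApiVersion
+AZURE_OPENAI_RESOURCE: aifoundry.outputs.aiServicesName
+USE_CHAT_HISTORY_ENABLED: 'True'
+AZURE_COSMOSDB_ACCOUNT: cosmosDBModule.outputs.cosmosAccountName
+AZURE_COSMOSDB_CONVERSATIONS_CONTAINER: cosmosDBModule.outputs.cosmosContainerName
+AZURE_COSMOSDB_DATABASE: cosmosDBModule.outputs.cosmosDatabaseName
+AZURE_COSMOSDB_ENABLE_FEEDBACK: 'True'
+SQLDB_DATABASE: sqlDBModule.outputs.sqlDbName
+SQLDB_SERVER: sqlDBModule.outputs.sqlServerName
+SQLDB_USERNAME: sqlDBModule.outputs.sqlDbUser
+SQLDB_USER_MID: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId
 
-OPENAI_API_VERSION: azureOpenAIApiVersion
-AZURE_AI_SEARCH_ENDPOINT: aifoundry.outputs.aiSearchTarget
-AZURE_AI_SEARCH_INDEX: 'call_transcripts_index'
-USE_AI_PROJECT_CLIENT:'False'
-DISPLAY_CHART_DEFAULT:'False'
-}
+OPENAI_API_VERSION: azureOpenAIApiVersion
+AZURE_AI_SEARCH_ENDPOINT: aifoundry.outputs.aiSearchTarget
+AZURE_AI_SEARCH_INDEX: 'call_transcripts_index'
+USE_AI_PROJECT_CLIENT: 'False'
+DISPLAY_CHART_DEFAULT: 'False'
+}
 }
 scope: resourceGroup(resourceGroup().name)
 }
 
-module frontend_docker 'deploy_frontend_docker.bicep'= {
+module frontend_docker 'deploy_frontend_docker.bicep' = {
 name: 'deploy_frontend_docker'
 params: {
 imageTag: imageTag
 appServicePlanId: hostingplan.outputs.name
 applicationInsightsId: aifoundry.outputs.applicationInsightsId
 solutionName: solutionPrefix
-appSettings:{
-APP_API_BASE_URL:backend_docker.outputs.appUrl
+appSettings: {
+APP_API_BASE_URL: backend_docker.outputs.appUrl
 }
 }
 scope: resourceGroup(resourceGroup().name)
@@ -276,4 +271,3 @@ output DISPLAY_CHART_DEFAULT string = 'False'
 
 output API_APP_URL string = backend_docker.outputs.appUrl
 output WEB_APP_URL string = frontend_docker.outputs.appUrl
-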
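Review bot: `baseUrl` still resolves to the mutable `main` branch on raw.githubusercontent.com, and the `uploadFiles` module receives it together with the managed identity's id and client id. Presumably the post-deployment script fetches its content from that URL (the module body is not visible here), in which case whatever is on `main` at deploy time runs with that identity. Pinning the ref makes deployments reproducible and reviewable, e.g. `var baseUrl = 'https://raw.githubusercontent.com/microsoft/Conversation-Knowledge-Mining-Solution-Accelerator/<PINNED_COMMIT_SHA>/'` (placeholder, not a real value). In the same module's `sqlUsers` entry, the re-indented `// Replace with actual Principal ID` and `// Replace with actual user email or name` comments are stale, since both values are already wired to module outputs. They should say instead that the backend identity's `clientId` is what the SQL user is created from, if that is the intent.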