removing some ID resources

Author: TravisHilbert

infra/deploy_ai_foundry.bicep

@@ -0,0 +1,300 @@
+// Creates Azure dependent resources for Azure AI studio
+param solutionName string
+param solutionLocation string
+param keyVaultName string
+param gptModelName string
+param gptModelVersion string
+param managedIdentityObjectId string
+param aiServicesEndpoint string
+param aiServicesKey string
+param aiServicesId string
+
+var storageName = '${solutionName}hubstorage'
+var storageSkuName = 'Standard_LRS'
+var aiServicesName = '${solutionName}-aiservices'
+var workspaceName = '${solutionName}-workspace'
+var keyvaultName = '${solutionName}-kv'
+var location = solutionLocation 
+var aiHubName = '${solutionName}-aihub'
+var aiHubFriendlyName = aiHubName
+var aiHubDescription = 'AI Hub for KM template'
+var aiProjectName = '${solutionName}-aiproject'
+var aiProjectFriendlyName = aiProjectName
+var aiSearchName = '${solutionName}-search'
+
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: keyVaultName
+}
+
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
+  name: workspaceName
+  location: location
+  tags: {}
+  properties: {
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+  }
+}
+
+
+var storageNameCleaned = replace(storageName, '-', '')
+
+
+resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
+  name: storageNameCleaned
+  location: location
+  sku: {
+    name: storageSkuName
+  }
+  kind: 'StorageV2'
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: false
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      requireInfrastructureEncryption: false
+      services: {
+        blob: {
+          enabled: true
+          keyType: 'Account'
+        }
+        file: {
+          enabled: true
+          keyType: 'Account'
+        }
+        queue: {
+          enabled: true
+          keyType: 'Service'
+        }
+        table: {
+          enabled: true
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    keyPolicy: {
+      keyExpirationPeriodInDays: 7
+    }
+    largeFileSharesState: 'Disabled'
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+    }
+    supportsHttpsTrafficOnly: true
+  }
+}
+
+@description('This is the built-in Storage Blob Data Contributor.')
+resource blobDataContributor 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
+  scope: subscription()
+  name: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
+}
+
+resource storageroleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(resourceGroup().id, managedIdentityObjectId, blobDataContributor.id)
+  scope: storage
+  properties: {
+    principalId: managedIdentityObjectId
+    roleDefinitionId: blobDataContributor.id
+    principalType: 'ServicePrincipal'
+  }
+}
+
+resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview' = {
+  name: aiHubName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    // organization
+    friendlyName: aiHubFriendlyName
+    description: aiHubDescription
+
+    // dependent resources
+    keyVault: keyVault.id
+    storageAccount: storage.id
+  }
+  kind: 'hub'
+
+  resource aiServicesConnection 'connections@2024-07-01-preview' = {
+    name: '${aiHubName}-connection-AzureOpenAI'
+    properties: {
+      category: 'AIServices'
+      target: aiServicesEndpoint
+      authType: 'ApiKey'
+      isSharedToAll: true
+      credentials: {
+        key: aiServicesKey
+      }
+      metadata: {
+        ApiType: 'Azure'
+        ResourceId: aiServicesId
+      }
+    }
+  }
+}
+
+resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-01-01-preview' = {
+  name: aiProjectName
+  location: location
+  kind: 'Project'
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    friendlyName: aiProjectFriendlyName
+    hubResourceId: aiHub.id
+  }
+}
+
+resource tenantIdEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'TENANT-ID'
+  properties: {
+    value: subscription().tenantId
+  }
+}
+
+resource azureOpenAIInferenceEndpoint 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-OPENAI-INFERENCE-ENDPOINT'
+  properties: {
+    value:''
+  }
+}
+
+resource azureOpenAIInferenceKey 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-OPENAI-INFERENCE-KEY'
+  properties: {
+    value:''
+  }
+}
+
+resource azureOpenAIApiKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-OPENAI-KEY'
+  properties: {
+    value: aiServicesKey //aiServices_m.listKeys().key1
+  }
+}
+
+resource azureOpenAIDeploymentModel 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-OPEN-AI-DEPLOYMENT-MODEL'
+  properties: {
+    value: gptModelName
+  }
+}
+
+resource azureOpenAIApiVersionEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-OPENAI-PREVIEW-API-VERSION'
+  properties: {
+    value: gptModelVersion  //'2024-02-15-preview'
+  }
+}
+
+resource azureOpenAIEndpointEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-OPENAI-ENDPOINT'
+  properties: {
+    value: aiServicesEndpoint//aiServices_m.properties.endpoint
+  }
+}
+
+resource azureAIProjectConnectionStringEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-AI-PROJECT-CONN-STRING'
+  properties: {
+    value: '${split(aiHubProject.properties.discoveryUrl, '/')[2]};${subscription().subscriptionId};${resourceGroup().name};${aiHubProject.name}'
+  }
+}
+
+resource azureOpenAICUApiVersionEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-OPENAI-CU-VERSION'
+  properties: {
+    value: '?api-version=2024-12-01-preview'
+  }
+}
+
+resource azureSearchIndexEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-SEARCH-INDEX'
+  properties: {
+    value: 'transcripts_index'
+  }
+}
+
+resource cogServiceEndpointEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'COG-SERVICES-ENDPOINT'
+  properties: {
+    value: aiServicesEndpoint
+  }
+}
+
+resource cogServiceKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'COG-SERVICES-KEY'
+  properties: {
+    value: aiServicesKey
+  }
+}
+
+resource cogServiceNameEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'COG-SERVICES-NAME'
+  properties: {
+    value: aiServicesName
+  }
+}
+
+resource azureSubscriptionIdEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-SUBSCRIPTION-ID'
+  properties: {
+    value: subscription().subscriptionId
+  }
+}
+
+resource resourceGroupNameEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-RESOURCE-GROUP'
+  properties: {
+    value: resourceGroup().name
+  }
+}
+
+resource azureLocatioEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
+  parent: keyVault
+  name: 'AZURE-LOCATION'
+  properties: {
+    value: solutionLocation
+  }
+}
+
+output keyvaultName string = keyvaultName
+output keyvaultId string = keyVault.id
+
+output aiServicesName string = aiServicesName 
+output aiSearchName string = aiSearchName
+output aiProjectName string = aiHubProject.name
+
+output storageAccountName string = storageNameCleaned
+
+output logAnalyticsId string = logAnalytics.id
+output storageAccountId string = storage.id

infra/deploy_keyvault.bicep

@@ -0,0 +1,67 @@
+@minLength(3)
+@maxLength(15)
+@description('Solution Name')
+param solutionName string
+param solutionLocation string
+param managedIdentityObjectId string
+
+var keyvaultName = '${solutionName}-kv'
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+  name: keyvaultName
+  location: solutionLocation
+  properties: {
+    createMode: 'default'
+    accessPolicies: [
+      {        
+        objectId: managedIdentityObjectId        
+        permissions: {
+          certificates: [
+            'all'
+          ]
+          keys: [
+            'all'
+          ]
+          secrets: [
+            'all'
+          ]
+          storage: [
+            'all'
+          ]
+        }
+        tenantId: subscription().tenantId
+      }
+    ]
+    enabledForDeployment: true
+    enabledForDiskEncryption: true
+    enabledForTemplateDeployment: true
+    enableSoftDelete: false
+    enableRbacAuthorization: true
+    enablePurgeProtection: true
+    publicNetworkAccess: 'enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    softDeleteRetentionInDays: 7
+    tenantId: subscription().tenantId
+  }
+}
+
+@description('This is the built-in Key Vault Administrator role.')
+resource kvAdminRole 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
+  scope: resourceGroup()
+  name: '00482a5a-887f-4fb3-b363-3b7fe8e74483'
+}
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(resourceGroup().id, managedIdentityObjectId, kvAdminRole.id)
+  properties: {
+    principalId: managedIdentityObjectId
+    roleDefinitionId:kvAdminRole.id
+    principalType: 'ServicePrincipal' 
+  }
+}
+
+output keyvaultName string = keyvaultName
+output keyvaultId string = keyVault.id