From 58aea181bd34bd84fbe7d07dcce437cfa6567efe Mon Sep 17 00:00:00 2001 From: Travis Hilbert Date: Mon, 5 May 2025 11:25:40 -0700 Subject: [PATCH 01/16] Added main.biceppram file and removed hard coded var values in bicep --- infra/main.bicep | 9 +++++---- infra/main.bicepparam | 4 ++++ 2 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 infra/main.bicepparam diff --git a/infra/main.bicep b/infra/main.bicep index 33aa9b0d1..fb912167e 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1,6 +1,6 @@ targetScope = 'resourceGroup' -@description('Location for all resources.') -param location string +// @description('Location for all resources.') +// param location string @allowed([ 'australiaeast' @@ -28,12 +28,12 @@ param location string 'westus3' ]) @description('Location for all Ai services resources. This location can be different from the resource group location.') -param azureOpenAILocation string = 'eastus2' // The location used for all deployed resources. This location must be in the same region as the resource group. +param azureOpenAILocation string //= 'eastus2' // The location used for all deployed resources. This location must be in the same region as the resource group. @minLength(3) @maxLength(20) @description('Prefix for all resources created by this template. This prefix will be used to create unique names for all resources. The prefix must be unique within the resource group.') -param prefix string = 'macae' +param prefix string //= 'macae' @description('Tags to apply to all deployed resources') param tags object = {} @@ -58,6 +58,7 @@ param resourceSize { } param capacity int = 140 +var location = resourceGroup().location var modelVersion = '2024-08-06' var aiServicesName = '${prefix}-aiservices' var deploymentType = 'GlobalStandard' diff --git a/infra/main.bicepparam b/infra/main.bicepparam new file mode 100644 index 000000000..1e5c968ec --- /dev/null +++ b/infra/main.bicepparam 
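Review bot: In the second main.bicep hunk the old defaults are left behind as trailing comments (`param azureOpenAILocation string //= 'eastus2' // The location used for all deployed resources…` and `param prefix string //= 'macae'`), and the first hunk keeps the old `location` parameter as commented-out code. The surviving comment on `azureOpenAILocation` describes the resource-group location, not the AI services location, so it now contradicts the `@description` directly above it. I would reduce the two lines to `param azureOpenAILocation string` and `param prefix string`, delete the commented-out `location` parameter, and move the sentence about the resource-group region to a comment above `var location = resourceGroup().location` in the third hunk.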
@@ -0,0 +1,4 @@ +using './main.bicep' + +param azureOpenAILocation = readEnvironmentVariable('AZURE_LOCATION','japaneast') +param prefix = readEnvironmentVariable('AZURE_ENV_NAME','azdtemp') From d79a91eb5326a1eb528ccacc6b7e801c89628ad6 Mon Sep 17 00:00:00 2001 From: Travis Hilbert Date: Mon, 5 May 2025 11:42:57 -0700 Subject: [PATCH 02/16] updating azure.yaml --- azure.yaml | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/azure.yaml b/azure.yaml index f72241f94..3ff6fcb7d 100644 --- a/azure.yaml +++ b/azure.yaml @@ -1,20 +1,24 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json +environment: + name: multi-agent-custom-automation-engine-solution-accelerator + location: eastus name: multi-agent-custom-automation-engine-solution-accelerator metadata: - template: azd-init@1.14.0 -services: - backend: - project: src/backend - host: containerapp - language: python - docker: - context: src/backend - path: Dockerfile - frontend: - project: src/frontend - host: containerapp - language: python - docker: - context: src/frontend - path: Dockerfile - + template: multi-agent-custom-automation-engine-solution-accelerator@1.0 +parameters: + azureOpenAILocation: + type: string + default: eastus2 + prefix: + type: string + default: ma-azdtest + baseUrl: + type: string + default: 'https://raw.githubusercontent.com/microsoft/multi-agent-custom-automation-engine-solution-accelerator' +deployment: + mode: Incremental + template: ./infra/main.bicep # Path to the main.bicep file inside the 'deployment' folder + prameters: + azureOpenAILocation: ${{ parameters.AiLocation }} + prefix: ${{ parameters.ResourcePrefix }} + baseUrl: ${{ parameters.baseUrl }} \ No newline at end of file From f20dd49191def3cb1c1444e7644d8ff40b69ca32 Mon Sep 17 00:00:00 2001 
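Review bot: The fallback values in `readEnvironmentVariable('AZURE_LOCATION','japaneast')` and `readEnvironmentVariable('AZURE_ENV_NAME','azdtemp')` mean that an unset variable deploys quietly instead of failing: to a fixed region, and under a shared prefix. The prefix feeds resource names such as `'${prefix}-aiservices'`, and the template's own description asks for it to be unique, so a common `azdtemp` default invites name collisions between deployments. I would drop the second argument so a missing variable fails at build time, e.g. `param azureOpenAILocation = readEnvironmentVariable('AZURE_LOCATION')`. Note also that `AZURE_ENV_NAME` has to satisfy the `@minLength(3)`/`@maxLength(20)` constraint on `prefix`, and that `AZURE_LOCATION` has to be one of the `@allowed` regions.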
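Review bot: The key under `deployment` is spelled `prameters`, and two of its values reference `parameters.AiLocation` and `parameters.ResourcePrefix`, while the block above declares `azureOpenAILocation` and `prefix`. As written, the region and prefix would not reach `./infra/main.bicep` under those names. The lines should read `parameters:`, `azureOpenAILocation: ${{ parameters.azureOpenAILocation }}` and `prefix: ${{ parameters.prefix }}`. The same hunk removes both `services` entries and adds top-level `environment`, `parameters` and `deployment` keys; whether the schema referenced on the file's first line accepts those keys is not visible here and should be checked with the validation step before merging. The file also now ends without a trailing newline.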
From: gpickett <122489228+gpickett@users.noreply.github.com> Date: Mon, 5 May 2025 11:57:24 -0700 Subject: [PATCH 03/16] Update azure-dev.yml --- .github/workflows/azure-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml index 0976ea174..1ed66f624 100644 --- a/.github/workflows/azure-dev.yml +++ b/.github/workflows/azure-dev.yml @@ -47,7 +47,7 @@ jobs: # Step 5: Validate the Azure template - name: Validate Azure Template - uses: microsoft/template-validation-action@v0.3.5 + uses: microsoft/template-validation-action@v0.4.2 id: validation env: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} From dff00198ea417b4ade9da930b6cc8eb8e3c281bd Mon Sep 17 00:00:00 2001 From: gpickett <122489228+gpickett@users.noreply.github.com> Date: Mon, 5 May 2025 12:13:56 -0700 Subject: [PATCH 04/16] Update azure-dev.yml --- .github/workflows/azure-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml index 1ed66f624..5396204d8 100644 --- a/.github/workflows/azure-dev.yml +++ b/.github/workflows/azure-dev.yml @@ -47,7 +47,7 @@ jobs: # Step 5: Validate the Azure template - name: Validate Azure Template - uses: microsoft/template-validation-action@v0.4.2 + uses: microsoft/template-validation-action@Latest id: validation env: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} From 5d622ad066a0de99b4538eea604dc3ade055b8cc Mon Sep 17 00:00:00 2001 From: gpickett <122489228+gpickett@users.noreply.github.com> Date: Mon, 5 May 2025 12:18:40 -0700 Subject: [PATCH 05/16] Update azure-dev.yml --- .github/workflows/azure-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml index 5396204d8..0976ea174 100644 --- a/.github/workflows/azure-dev.yml +++ b/.github/workflows/azure-dev.yml 
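Review bot: `uses: microsoft/template-validation-action@Latest` in PATCH 04/16 replaces a fixed version tag with a floating ref, on a step that receives `AZURE_CLIENT_ID` and, per the full step shown in PATCH 06/16, the tenant and subscription ids and `GITHUB_TOKEN`. Whatever that ref points to at run time executes with those values, so a moved or re-created tag changes the code that runs without any change in this repository. I would pin the action to a full commit SHA and keep the version as a comment, e.g. `uses: microsoft/template-validation-action@<full-commit-sha> # v0.4.2`. PATCH 05/16 reverts this line, but PATCH 06/16 reintroduces the same `@Latest` ref, so the same applies there.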
@@ -47,7 +47,7 @@ jobs: # Step 5: Validate the Azure template - name: Validate Azure Template - uses: microsoft/template-validation-action@Latest + uses: microsoft/template-validation-action@v0.3.5 id: validation env: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} From 5ea95885ea1dcebf1c31aa5ddb6fbb24a5882dcd Mon Sep 17 00:00:00 2001 From: gpickett <122489228+gpickett@users.noreply.github.com> Date: Mon, 5 May 2025 12:29:41 -0700 Subject: [PATCH 06/16] Update azure-dev.yml --- .github/workflows/azure-dev.yml | 68 +++++---------------------------- 1 file changed, 9 insertions(+), 59 deletions(-) diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml index 0976ea174..a65ed6cb3 100644 --- a/.github/workflows/azure-dev.yml +++ b/.github/workflows/azure-dev.yml 
@@ -15,69 +15,19 @@ permissions: jobs: template_validation_job: runs-on: ubuntu-latest - name: Template validation + name: template validation steps: - # Step 1: Checkout the code from your repository - - name: Checkout code - uses: actions/checkout@v4 + - uses: actions/checkout@v4 - # Step 2: Set up Python - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: "3.9" - - # Step 3: Create and populate the virtual environment - - name: Create virtual environment and install dependencies - run: | - python -m venv .venv - source .venv/bin/activate - python -m pip install --upgrade pip - pip install azure-mgmt-resource azure-identity azure-core azure-mgmt-subscription azure-cli-core - # Install any other dependencies that might be needed - pip freeze > requirements-installed.txt - echo "Virtual environment created with these packages:" - cat requirements-installed.txt - - # Step 4: Create azd directory if it doesn't exist - - name: Create azd directory - run: | - mkdir -p ./.azd || true - touch ./.azd/.env || true - - # Step 5: Validate the Azure template - - name: Validate Azure Template - uses: microsoft/template-validation-action@v0.3.5 + - uses: microsoft/template-validation-action@Latest id: validation env: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - AZURE_ENV_NAME: ${{ secrets.AZURE_ENV_NAME }} - AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }} + AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Step 6: Debug output in case of failure - - name: Debug on failure - if: failure() - run: | - echo "Validation failed. 
Checking environment:" - ls -la - if [ -d ".venv" ]; then - echo ".venv directory exists" - ls -la .venv/bin/ - else - echo ".venv directory does not exist" - fi - if [ -d "tva_*" ]; then - echo "TVA directory exists:" - find . -name "tva_*" -type d - ls -la $(find . -name "tva_*" -type d) - else - echo "No TVA directory found" - fi - - # Step 7: Print the result of the validation - - name: Print result - if: success() + - name: print result run: cat ${{ steps.validation.outputs.resultFile }} From c950dae0dc3b5e91e81a468efe812bb203c9847e Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Tue, 6 May 2025 17:34:03 +0530 Subject: [PATCH 07/16] Remove main.bicepparam file and its parameters --- infra/main.bicepparam | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 infra/main.bicepparam diff --git a/infra/main.bicepparam b/infra/main.bicepparam deleted file mode 100644 index 1e5c968ec..000000000 --- a/infra/main.bicepparam +++ /dev/null @@ -1,4 +0,0 @@ -using './main.bicep' - -param azureOpenAILocation = readEnvironmentVariable('AZURE_LOCATION','japaneast') -param prefix = readEnvironmentVariable('AZURE_ENV_NAME','azdtemp') From 10ef8d26a0191308b2423ac02b4c4acc2adea3b7 Mon Sep 17 00:00:00 2001 From: Travis Hilbert Date: Tue, 6 May 2025 08:52:20 -0700 Subject: [PATCH 08/16] testing var named imageName --- infra/main.bicep | 4 ++-- infra/main.json | 56 +++++++++++++++++++++--------------------------- 2 files changed, 27 insertions(+), 33 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index fb912167e..99fe3d965 100644 --- a/infra/main.bicep +++ b/infra/main.bicep 
@@ -73,7 +73,7 @@ var frontendDockerImageURL = '${resgistryName}.azurecr.io/macaefrontend:${appVer var uniqueNameFormat = '${prefix}-{0}-${uniqueString(resourceGroup().id, prefix)}' var aoaiApiVersion = '2025-01-01-preview' - +var imageName = frontendDockerImageURL resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: format(uniqueNameFormat, 'logs') location: location @@ -411,7 +411,7 @@ resource frontendAppService 'Microsoft.Web/sites@2021-02-01' = { serverFarmId: frontendAppServicePlan.id reserved: true siteConfig: { - linuxFxVersion: 'DOCKER|${frontendDockerImageURL}' + linuxFxVersion: 'DOCKER|${imageName}' appSettings: [ { name: 'DOCKER_REGISTRY_SERVER_URL' diff --git a/infra/main.json b/infra/main.json index 6c40552d5..a42390dcc 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,20 +5,13 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "7719893060553487435" + "version": "0.35.1.17967", + "templateHash": "11782682784877206872" } }, "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Location for all resources." - } - }, "azureOpenAILocation": { "type": "string", - "defaultValue": "eastus2", "allowedValues": [ "australiaeast", "brazilsouth", @@ -50,7 +43,6 @@ }, "prefix": { "type": "string", - "defaultValue": "macae", "minLength": 3, "maxLength": 20, "metadata": { @@ -107,6 +99,7 @@ } }, "variables": { + "location": "[resourceGroup().location]", "modelVersion": "2024-08-06", "aiServicesName": "[format('{0}-aiservices', parameters('prefix'))]", "deploymentType": "GlobalStandard", 
@@ -118,6 +111,7 @@ "frontendDockerImageURL": "[format('{0}.azurecr.io/macaefrontend:{1}', variables('resgistryName'), variables('appVersion'))]", "uniqueNameFormat": "[format('{0}-{{0}}-{1}', parameters('prefix'), uniqueString(resourceGroup().id, parameters('prefix')))]", "aoaiApiVersion": "2025-01-01-preview", + "imageName": "[variables('frontendDockerImageURL')]", "aiModelDeployments": [ { "name": "[variables('gptModelVersion')]", @@ -190,7 +184,7 @@ "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2023-09-01", "name": "[format(variables('uniqueNameFormat'), 'logs')]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "tags": "[parameters('tags')]", "properties": { "retentionInDays": 30, @@ -203,7 +197,7 @@ "type": "Microsoft.Insights/components", "apiVersion": "2020-02-02-preview", "name": "[format(variables('uniqueNameFormat'), 'appins')]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "kind": "web", "properties": { "Application_Type": "web", @@ -217,7 +211,7 @@ "type": "Microsoft.CognitiveServices/accounts", "apiVersion": "2024-04-01-preview", "name": "[variables('aiServicesName')]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "sku": { "name": "S0" }, @@ -277,7 +271,7 @@ "type": "Microsoft.DocumentDB/databaseAccounts", "apiVersion": "2024-05-15", "name": "[format(variables('uniqueNameFormat'), 'cosmos')]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "tags": "[parameters('tags')]", "kind": "GlobalDocumentDB", "properties": { @@ -286,7 +280,7 @@ "locations": [ { "failoverPriority": 0, - "locationName": "[parameters('location')]" + "locationName": "[variables('location')]" } ], "capabilities": [ 
@@ -301,13 +295,13 @@ "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-07-31-preview", "name": "[format(variables('uniqueNameFormat'), 'containerapp-pull')]", - "location": "[parameters('location')]" + "location": "[variables('location')]" }, "containerAppEnv": { "type": "Microsoft.App/managedEnvironments", "apiVersion": "2024-03-01", "name": "[format(variables('uniqueNameFormat'), 'containerapp')]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "tags": "[parameters('tags')]", "properties": { "daprAIConnectionString": "[reference('appInsights').ConnectionString]", @@ -315,7 +309,7 @@ "destination": "log-analytics", "logAnalyticsConfiguration": { "customerId": "[reference('logAnalytics').customerId]", - "sharedKey": "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces', format(variables('uniqueNameFormat'), 'logs')), '2023-09-01').primarySharedKey]" + "sharedKey": "[listKeys('logAnalytics', '2023-09-01').primarySharedKey]" } } }, @@ -342,7 +336,7 @@ "type": "Microsoft.App/containerApps", "apiVersion": "2024-03-01", "name": "[format('{0}-backend', parameters('prefix'))]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "tags": "[parameters('tags')]", "identity": { "type": "SystemAssigned, UserAssigned", @@ -468,7 +462,7 @@ "type": "Microsoft.Web/serverfarms", "apiVersion": "2021-02-01", "name": "[format(variables('uniqueNameFormat'), 'frontend-plan')]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "tags": "[parameters('tags')]", "sku": { "name": "P1v2", 
@@ -484,14 +478,14 @@ "type": "Microsoft.Web/sites", "apiVersion": "2021-02-01", "name": "[format(variables('uniqueNameFormat'), 'frontend')]", - "location": "[parameters('location')]", + "location": "[variables('location')]", "tags": "[parameters('tags')]", "kind": "app,linux,container", "properties": { "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', format(variables('uniqueNameFormat'), 'frontend-plan'))]", "reserved": true, "siteConfig": { - "linuxFxVersion": "[format('DOCKER|{0}', variables('frontendDockerImageURL'))]", + "linuxFxVersion": "[format('DOCKER|{0}', variables('imageName'))]", "appSettings": [ { "name": "DOCKER_REGISTRY_SERVER_URL", @@ -568,7 +562,7 @@ "value": "[parameters('prefix')]" }, "solutionLocation": { - "value": "[parameters('location')]" + "value": "[variables('location')]" }, "managedIdentityObjectId": { "value": "[reference('managedIdentityModule').outputs.managedIdentityOutput.value.objectId]" @@ -580,8 +574,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "10664495342911727649" + "version": "0.35.1.17967", + "templateHash": "5761607453167859573" } }, "parameters": { @@ -706,7 +700,7 @@ "value": "[reference('aiServices').endpoint]" }, "aiServicesKey": { - "value": "[listKeys(resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName')), '2024-04-01-preview').key1]" + "value": "[listKeys('aiServices', '2024-04-01-preview').key1]" }, "aiServicesId": { "value": "[resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName'))]" @@ -718,8 +712,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "8087543237770345715" + "version": "0.35.1.17967", + "templateHash": "9490638595753234802" } }, "parameters": { 
@@ -1112,8 +1106,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "11364190519186458619" + "version": "0.35.1.17967", + "templateHash": "12327197428621494853" } }, "parameters": { @@ -1199,7 +1193,7 @@ "value": "2.69.0" }, "location": { - "value": "[parameters('location')]" + "value": "[variables('location')]" }, "managedIdentities": { "value": { From bf882a9b2f5b4cefda4ae7b63322a0e543e79000 Mon Sep 17 00:00:00 2001 From: Travis Hilbert Date: Tue, 6 May 2025 08:59:44 -0700 Subject: [PATCH 09/16] reverting change --- infra/main.bicep | 29 +++++++++++++---------------- infra/main.json | 5 ++--- 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index d6967f156..fb912167e 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -32,11 +32,8 @@ param azureOpenAILocation string //= 'eastus2' // The location used for all depl @minLength(3) @maxLength(20) -@description('A unique prefix for all resources in this deployment. This should be 3-20 characters long:') -param environmentName string - -var uniqueId = toLower(uniqueString(subscription().id, environmentName, resourceGroup().location)) -var solutionPrefix = 'ma${padLeft(take(uniqueId, 12), 12, '0')}' +@description('Prefix for all resources created by this template. This prefix will be used to create unique names for all resources. The prefix must be unique within the resource group.') +param prefix string //= 'macae' @description('Tags to apply to all deployed resources') param tags object = {} @@ -63,7 +60,7 @@ param capacity int = 140 var location = resourceGroup().location var modelVersion = '2024-08-06' -var aiServicesName = '${solutionPrefix}-aiservices' +var aiServicesName = '${prefix}-aiservices' var deploymentType = 'GlobalStandard' var gptModelVersion = 'gpt-4o' var appVersion = 'fnd01' 
@@ -74,9 +71,9 @@ var dockerRegistryUrl = 'https://${resgistryName}.azurecr.io' var backendDockerImageURL = '${resgistryName}.azurecr.io/macaebackend:${appVersion}' var frontendDockerImageURL = '${resgistryName}.azurecr.io/macaefrontend:${appVersion}' -var uniqueNameFormat = '${solutionPrefix}-{0}-${uniqueString(resourceGroup().id, solutionPrefix)}' +var uniqueNameFormat = '${prefix}-{0}-${uniqueString(resourceGroup().id, prefix)}' var aoaiApiVersion = '2025-01-01-preview' -var imageName = frontendDockerImageURL + resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: format(uniqueNameFormat, 'logs') location: location @@ -124,7 +121,7 @@ resource aiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' = apiProperties: { //statisticsEnabled: false } - //disableLocalAuth: true + disableLocalAuth: true } } @@ -150,7 +147,7 @@ resource aiServicesDeployments 'Microsoft.CognitiveServices/accounts/deployments module kvault 'deploy_keyvault.bicep' = { name: 'deploy_keyvault' params: { - solutionName: solutionPrefix + solutionName: prefix solutionLocation: location managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId } @@ -164,7 +161,7 @@ module kvault 'deploy_keyvault.bicep' = { module aifoundry 'deploy_ai_foundry.bicep' = { name: 'deploy_ai_foundry' params: { - solutionName: solutionPrefix + solutionName: prefix solutionLocation: azureOpenAILocation keyVaultName: kvault.outputs.keyvaultName gptModelName: gptModelVersion @@ -206,7 +203,7 @@ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = { } ] capabilities: [{ name: 'EnableServerless' }] - //disableLocalAuth: true + disableLocalAuth: true } resource contributorRoleDefinition 'sqlRoleDefinitions' existing = { 
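Review bot: The hunk at `@@ -124,7 +121,7 @@` turns `//disableLocalAuth: true` into `disableLocalAuth: true` on the `aiServices` account, and the hunk at `@@ -206,7 +203,7 @@` does the same for `cosmos`, under a commit titled "reverting change". The compiled template shown in PATCH 08/16 still passes `listKeys(...).key1` as `aiServicesKey` to a nested deployment. With local auth disabled, any consumer that authenticates with that key would presumably be rejected, so either remove the key plumbing or confirm every consumer uses Entra ID. The `infra/main.json` changes in this patch touch only `templateHash` and `imageName`, so the compiled template appears not to have been regenerated with the new setting. Deployments that use `main.json` directly would then still leave key authentication enabled. I would regenerate `main.json` in the same commit and name the auth change in the commit message.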
@@ -280,7 +277,7 @@ resource acaCosomsRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleA @description('') resource containerApp 'Microsoft.App/containerApps@2024-03-01' = { - name: '${solutionPrefix}-backend' + name: '${prefix}-backend' location: location tags: tags identity: { @@ -414,7 +411,7 @@ resource frontendAppService 'Microsoft.Web/sites@2021-02-01' = { serverFarmId: frontendAppServicePlan.id reserved: true siteConfig: { - linuxFxVersion: 'DOCKER|${imageName}' + linuxFxVersion: 'DOCKER|${frontendDockerImageURL}' appSettings: [ { name: 'DOCKER_REGISTRY_SERVER_URL' @@ -449,7 +446,7 @@ resource frontendAppService 'Microsoft.Web/sites@2021-02-01' = { } resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-01-01-preview' existing = { - name: '${solutionPrefix}-aiproject' // aiProjectName must be calculated - available at main start. + name: '${prefix}-aiproject' // aiProjectName must be calculated - available at main start. } resource aiDeveloper 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { @@ -470,7 +467,7 @@ var cosmosAssignCli = 'az cosmosdb sql role assignment create --resource-group " module managedIdentityModule 'deploy_managed_identity.bicep' = { name: 'deploy_managed_identity' params: { - solutionName: solutionPrefix + solutionName: prefix //solutionLocation: location managedIdentityId: pullIdentity.id managedIdentityPropPrin: pullIdentity.properties.principalId diff --git a/infra/main.json b/infra/main.json index a42390dcc..ccecd8751 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.35.1.17967", - "templateHash": "11782682784877206872" + "templateHash": "18228555099764132241" } }, "parameters": { 
@@ -111,7 +111,6 @@ "frontendDockerImageURL": "[format('{0}.azurecr.io/macaefrontend:{1}', variables('resgistryName'), variables('appVersion'))]", "uniqueNameFormat": "[format('{0}-{{0}}-{1}', parameters('prefix'), uniqueString(resourceGroup().id, parameters('prefix')))]", "aoaiApiVersion": "2025-01-01-preview", - "imageName": "[variables('frontendDockerImageURL')]", "aiModelDeployments": [ { "name": "[variables('gptModelVersion')]", @@ -485,7 +484,7 @@ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', format(variables('uniqueNameFormat'), 'frontend-plan'))]", "reserved": true, "siteConfig": { - "linuxFxVersion": "[format('DOCKER|{0}', variables('imageName'))]", + "linuxFxVersion": "[format('DOCKER|{0}', variables('frontendDockerImageURL'))]", "appSettings": [ { "name": "DOCKER_REGISTRY_SERVER_URL", From bd6202523009fb1a3b73395e9c6047abca00eb95 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Wed, 7 May 2025 11:10:13 +0530 Subject: [PATCH 10/16] feat: add historical tagging to Docker image builds --- .github/workflows/docker-build-and-push.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index 383ef2fc0..30e7b39e1 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml @@ -32,7 +32,7 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Log in to Azure Container Registry - if: ${{ (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix') }} + if: ${{ (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' || github.ref_name == 'feature/conregchanges') }} uses: azure/docker-login@v2 with: login-server: ${{ secrets.ACR_LOGIN_SERVER }} 
@@ -41,6 +41,9 @@ jobs: - name: Set Docker image tag run: | + DATE_TAG=$(date +'%Y-%m-%d') + RUN_ID=${{ github.run_number }} + if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then echo "TAG=latest" >> $GITHUB_ENV elif [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then 
@@ -49,24 +52,35 @@ jobs: echo "TAG=demo" >> $GITHUB_ENV elif [[ "${{ github.ref }}" == "refs/heads/hotfix" ]]; then echo "TAG=hotfix" >> $GITHUB_ENV + elif [[ "${{ github.ref }}" == "refs/heads/feature/conregchanges" ]]; then + echo "TAG=conregchanges" >> $GITHUB_ENV else echo "TAG=pullrequest-ignore" >> $GITHUB_ENV fi + + echo "HISTORICAL_TAG=${TAG}_${DATE_TAG}_${RUN_ID}" >> $GITHUB_ENV + - name: Build and push Docker images optionally run: | cd src/backend docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} -f Dockerfile . && \ - if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" ]]; then + docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} && \ + + if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "conregchanges" ]]; then docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} && \ + docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} && \ echo "Backend image built and pushed successfully." else echo "Skipping Docker push for backend with tag: ${{ env.TAG }}" fi cd ../frontend docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} -f Dockerfile . 
&& \ - if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" ]]; then + docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} && \ + + if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "conregchanges" ]]; then docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} && \ + docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} && \ echo "Frontend image built and pushed successfully." else echo "Skipping Docker push for frontend with tag: ${{ env.TAG }}" From 84cadee27014497f1b3b273fa72d3509620eeb50 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Wed, 7 May 2025 11:19:55 +0530 Subject: [PATCH 11/16] added changes for testing from feature branch --- .github/workflows/docker-build-and-push.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index 30e7b39e1..b5a84964f 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml @@ -18,6 +18,7 @@ on: - dev - demo - hotfix + - feature/psl-conregchanges workflow_dispatch: jobs: @@ -32,7 +33,7 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Log in to Azure Container Registry - if: ${{ (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' || github.ref_name == 'feature/conregchanges') }} + if: ${{ (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' || github.ref_name == 'feature/psl-conregchanges') }} uses: azure/docker-login@v2 with: login-server: ${{ secrets.ACR_LOGIN_SERVER }} 
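Review bot: In the "Set Docker image tag" step, `echo "HISTORICAL_TAG=${TAG}_${DATE_TAG}_${RUN_ID}" >> $GITHUB_ENV` reads the shell variable `TAG`, which this step never sets. The branches above only append `TAG=...` to `$GITHUB_ENV`, and that takes effect in later steps, not the current shell. The historical tag would therefore expand to `_<date>_<run>` for every branch, and the new `docker push ...:${{ env.HISTORICAL_TAG }}` lines would publish images from different branches under the same unprefixed name pattern. Assign the shell variable first in each branch, e.g. `TAG=latest`, and then write both values once after the `fi` with `echo "TAG=${TAG}" >> "$GITHUB_ENV"` and `echo "HISTORICAL_TAG=${TAG}_${DATE_TAG}_${RUN_ID}" >> "$GITHUB_ENV"`. Quoting `"$GITHUB_ENV"` is worth doing at the same time.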
@@ -52,8 +53,8 @@ jobs: echo "TAG=demo" >> $GITHUB_ENV elif [[ "${{ github.ref }}" == "refs/heads/hotfix" ]]; then echo "TAG=hotfix" >> $GITHUB_ENV - elif [[ "${{ github.ref }}" == "refs/heads/feature/conregchanges" ]]; then - echo "TAG=conregchanges" >> $GITHUB_ENV + elif [[ "${{ github.ref }}" == "refs/heads/feature/psl-conregchanges" ]]; then + echo "TAG=psl-conregchanges" >> $GITHUB_ENV else echo "TAG=pullrequest-ignore" >> $GITHUB_ENV fi @@ -67,7 +68,7 @@ jobs: docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} -f Dockerfile . && \ docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} && \ - if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "conregchanges" ]]; then + if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "psl-conregchanges" ]]; then docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} && \ docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} && \ echo "Backend image built and pushed successfully." 
@@ -78,7 +79,7 @@ jobs: docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} -f Dockerfile . && \ docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} && \ - if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "conregchanges" ]]; then + if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "psl-conregchanges" ]]; then docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} && \ docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} && \ echo "Frontend image built and pushed successfully." From 9b8944db965e25d21cce1b2d221257ba36639955 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Wed, 7 May 2025 11:53:28 +0530 Subject: [PATCH 12/16] refactor: improve Docker build workflow by restructuring tag determination and historical tagging --- .github/workflows/docker-build-and-push.yml | 33 +++++++++++++-------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index b5a84964f..74af5699b 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml @@ -7,6 +7,7 @@ on: - dev - demo - hotfix + - feature/psl-conregchanges pull_request: types: - opened @@ -18,8 +19,7 @@ on: - dev - demo - hotfix - - feature/psl-conregchanges - workflow_dispatch: + workflow_dispatch: jobs: build-and-push: 
@@ -33,18 +33,20 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Log in to Azure Container Registry - if: ${{ (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' || github.ref_name == 'feature/psl-conregchanges') }} + if: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' || github.ref_name == 'feature/psl-conregchanges' }} uses: azure/docker-login@v2 with: login-server: ${{ secrets.ACR_LOGIN_SERVER }} username: ${{ secrets.ACR_USERNAME }} password: ${{ secrets.ACR_PASSWORD }} - - name: Set Docker image tag + - name: Get current date + id: date + run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT + + - name: Determine Tag Name Based on Branch + id: determine_tag run: | - DATE_TAG=$(date +'%Y-%m-%d') - RUN_ID=${{ github.run_number }} - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then echo "TAG=latest" >> $GITHUB_ENV elif [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then @@ -58,12 +60,17 @@ jobs: else echo "TAG=pullrequest-ignore" >> $GITHUB_ENV fi - - echo "HISTORICAL_TAG=${TAG}_${DATE_TAG}_${RUN_ID}" >> $GITHUB_ENV - - + + - name: Set Historical Tag + run: | + DATE_TAG=$(date +'%Y-%m-%d') + RUN_ID=${{ github.run_number }} + # Create historical tag using TAG, DATE_TAG, and RUN_ID + echo "HISTORICAL_TAG=${{ env.TAG }}_${DATE_TAG}_${RUN_ID}" >> $GITHUB_ENV + - name: Build and push Docker images optionally run: | + # Backend Image Build and Push cd src/backend docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} -f Dockerfile . && \ docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} && \ 
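Review bot: The new "Get current date" step writes `date=...` to `$GITHUB_OUTPUT` under `id: date`, but nothing in the visible hunks reads `steps.date.outputs.date`. The "Set Historical Tag" step recomputes the date with its own `date +'%Y-%m-%d'` call, and `id: determine_tag` is likewise unused, since that step writes to `$GITHUB_ENV` rather than to outputs. I would either delete the date step or use it as the single source, `echo "HISTORICAL_TAG=${{ env.TAG }}_${{ steps.date.outputs.date }}_${{ github.run_number }}" >> "$GITHUB_ENV"`. A short comment on the historical-tag step saying the tag is meant to be an immutable per-run reference, unlike the moving `latest`/`dev` tags, would help whoever later has to trace a deployed image back to a build.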
@@ -75,6 +82,8 @@ jobs: else echo "Skipping Docker push for backend with tag: ${{ env.TAG }}" fi + + # Frontend Image Build and Push cd ../frontend docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} -f Dockerfile . && \ docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} && \ @@ -86,5 +95,3 @@ jobs: else echo "Skipping Docker push for frontend with tag: ${{ env.TAG }}" fi - - From 034fb65d7e28fb9eae8627ec55ab507c0fb680e1 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Wed, 7 May 2025 15:10:06 +0530 Subject: [PATCH 13/16] refactor: streamline Docker image build and push steps using build-push-action --- .github/workflows/docker-build-and-push.yml | 44 +++++++++------------ 1 file changed, 18 insertions(+), 26 deletions(-) diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index 74af5699b..5e2e238e9 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml 
@@ -68,30 +68,22 @@ jobs: # Create historical tag using TAG, DATE_TAG, and RUN_ID echo "HISTORICAL_TAG=${{ env.TAG }}_${DATE_TAG}_${RUN_ID}" >> $GITHUB_ENV - - name: Build and push Docker images optionally - run: | - # Backend Image Build and Push - cd src/backend - docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} -f Dockerfile . && \ - docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} && \ - - if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "psl-conregchanges" ]]; then - docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} && \ - docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} && \ - echo "Backend image built and pushed successfully." - else - echo "Skipping Docker push for backend with tag: ${{ env.TAG }}" - fi - - # Frontend Image Build and Push - cd ../frontend - docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} -f Dockerfile . 
&& \ - docker tag ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} && \ + - name: Build and optionally push Backend Docker image + uses: docker/build-push-action@v6 + with: + context: ./src/backend + file: ./src/backend/Dockerfile + push: ${{ env.TAG != 'pullrequest-ignore' }} + tags: | + ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} + ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.HISTORICAL_TAG }} - if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix" || "${{ env.TAG }}" == "psl-conregchanges" ]]; then - docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} && \ - docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} && \ - echo "Frontend image built and pushed successfully." - else - echo "Skipping Docker push for frontend with tag: ${{ env.TAG }}" - fi + - name: Build and optionally push Frontend Docker image + uses: docker/build-push-action@v6 + with: + context: ./src/frontend + file: ./src/frontend/Dockerfile + push: ${{ env.TAG != 'pullrequest-ignore' }} + tags: | + ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} + ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.HISTORICAL_TAG }} \ No newline at end of file From 706b48a42c6604e851313caaf8b02ada2056ec82 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Wed, 7 May 2025 15:45:49 +0530 Subject: [PATCH 14/16] remove feature branch from Docker build workflow triggers --- .github/workflows/docker-build-and-push.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index 5e2e238e9..a6d2c59a4 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml 
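Review bot: `push: ${{ env.TAG != 'pullrequest-ignore' }}` replaces the previous explicit list of pushable tags with a single denied sentinel, so both build steps will push for any tag value the tag step may emit later, while the registry login is still gated by its own branch list in a different step. Keeping the allow-list in one place would stop the two from drifting apart, for example by having the tag step also write `PUSH=true` or `PUSH=false` and using `push: ${{ env.PUSH == 'true' }}` here. These steps run after the registry login, and `docker/build-push-action@v6` is a mutable tag. Pinning it to a full commit SHA (`docker/build-push-action@<full-commit-sha> # v6`) is the usual hardening for a job that can write to the registry.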
@@ -7,7 +7,6 @@ on: - dev - demo - hotfix - - feature/psl-conregchanges pull_request: types: - opened @@ -33,7 +32,7 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Log in to Azure Container Registry - if: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' || github.ref_name == 'feature/psl-conregchanges' }} + if: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' }} uses: azure/docker-login@v2 with: login-server: ${{ secrets.ACR_LOGIN_SERVER }} @@ -55,8 +54,6 @@ jobs: echo "TAG=demo" >> $GITHUB_ENV elif [[ "${{ github.ref }}" == "refs/heads/hotfix" ]]; then echo "TAG=hotfix" >> $GITHUB_ENV - elif [[ "${{ github.ref }}" == "refs/heads/feature/psl-conregchanges" ]]; then - echo "TAG=psl-conregchanges" >> $GITHUB_ENV else echo "TAG=pullrequest-ignore" >> $GITHUB_ENV fi From 51c2d7000d36f43fb218c1ea4ae83f9143dd568c Mon Sep 17 00:00:00 2001 From: Travis Hilbert Date: Wed, 7 May 2025 09:42:37 -0700 Subject: [PATCH 15/16] Testing ai key error fix --- infra/deploy_ai_foundry.bicep | 8 ++++---- infra/main.bicep | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep index ee9b3b37b..328a37ea1 100644 --- a/infra/deploy_ai_foundry.bicep +++ b/infra/deploy_ai_foundry.bicep @@ -6,7 +6,7 @@ param gptModelName string param gptModelVersion string param managedIdentityObjectId string param aiServicesEndpoint string -param aiServicesKey string +param aiServices object param aiServicesId string var storageName = '${solutionName}hubstorage' @@ -136,7 +136,7 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview' authType: 'ApiKey' isSharedToAll: true credentials: { - key: aiServicesKey + key: aiServices.Key.key1 } metadata: { ApiType: 'Azure' 
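Review bot: `key: aiServices.Key.key1` in the `aiHub` connection reads a property that nothing in this patch shows the passed object carrying. main.bicep now hands over the `aiServices` resource itself, and account keys are normally only obtainable through `listKeys()`, so this expression will most likely fail at deployment rather than resolve to a key. The same expression is used for the `AZURE-OPENAI-KEY` and `COG-SERVICES-KEY` secret values in the two hunks that follow, so all three consumers are affected. If the intent was to avoid a `listKeys()` evaluation error, passing the key as a string parameter and resolving it in main.bicep is the form that is known to work here.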
@@ -187,7 +187,7 @@ resource azureOpenAIApiKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-pr parent: keyVault name: 'AZURE-OPENAI-KEY' properties: { - value: aiServicesKey //aiServices_m.listKeys().key1 + value: aiServices.Key.key1 //aiServices_m.listKeys().key1 } } @@ -251,7 +251,7 @@ resource cogServiceKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-previe parent: keyVault name: 'COG-SERVICES-KEY' properties: { - value: aiServicesKey + value: aiServices.Key.key1 } } diff --git a/infra/main.bicep b/infra/main.bicep index fb912167e..cdaf6ddda 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -168,7 +168,7 @@ module aifoundry 'deploy_ai_foundry.bicep' = { gptModelVersion: gptModelVersion managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId aiServicesEndpoint: aiServices.properties.endpoint - aiServicesKey: aiServices.listKeys().key1 + aiServices: aiServices aiServicesId: aiServices.id } scope: resourceGroup(resourceGroup().name) From 6b0b574e2109217ca22d91c724becd8bf54b5984 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Fri, 9 May 2025 17:27:40 +0530 Subject: [PATCH 16/16] fix for disable local auth issues --- infra/deploy_ai_foundry.bicep | 11 ++++------- infra/main.bicep | 11 ++++++++++- infra/main.json | 23 +++++++++++++++++------ 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep index 328a37ea1..a922a6b16 100644 --- a/infra/deploy_ai_foundry.bicep +++ b/infra/deploy_ai_foundry.bicep @@ -6,7 +6,7 @@ param gptModelName string param gptModelVersion string param managedIdentityObjectId string param aiServicesEndpoint string -param aiServices object +param aiServicesKey string param aiServicesId string var storageName = '${solutionName}hubstorage' 
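Review bot: The restored `param aiServicesKey string` carries an account key but has no `@secure()` decorator. The value passed from `aiServices.listKeys().key1` in main.bicep is therefore treated as an ordinary string parameter of the nested deployment and can be read back from the deployment's recorded inputs. Add the decorator on the line above it, i.e. `@secure()` followed by `param aiServicesKey string`, and regenerate main.json so the compiled parameter becomes a secure string. The parameter list begins above this hunk, so I cannot tell whether other parameters need the same treatment.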
@@ -133,11 +133,8 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview' properties: { category: 'AIServices' target: aiServicesEndpoint - authType: 'ApiKey' + authType: 'AAD' isSharedToAll: true - credentials: { - key: aiServices.Key.key1 - } metadata: { ApiType: 'Azure' ResourceId: aiServicesId @@ -187,7 +184,7 @@ resource azureOpenAIApiKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-pr parent: keyVault name: 'AZURE-OPENAI-KEY' properties: { - value: aiServices.Key.key1 //aiServices_m.listKeys().key1 + value: aiServicesKey //aiServices_m.listKeys().key1 } } @@ -251,7 +248,7 @@ resource cogServiceKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-previe parent: keyVault name: 'COG-SERVICES-KEY' properties: { - value: aiServices.Key.key1 + value: aiServicesKey } } diff --git a/infra/main.bicep b/infra/main.bicep index cdaf6ddda..dd9253cec 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -168,7 +168,7 @@ module aifoundry 'deploy_ai_foundry.bicep' = { gptModelVersion: gptModelVersion managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId aiServicesEndpoint: aiServices.properties.endpoint - aiServices: aiServices + aiServicesKey: aiServices.listKeys().key1 aiServicesId: aiServices.id } scope: resourceGroup(resourceGroup().name) 
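Review bot: The `azureOpenAIApiKeyEntry` and `cogServiceKeyEntry` hunks still write `aiServicesKey` into the `AZURE-OPENAI-KEY` and `COG-SERVICES-KEY` Key Vault secrets, although this commit moves the hub connection to `authType: 'AAD'` and removes its `credentials` block. If the account is meant to run with key (local) authentication disabled, as the commit subject suggests, then `aiServices.listKeys().key1` in main.bicep and these two secrets keep a long-lived key in the template that no consumer can use. Confirm whether anything still reads the secrets and, if not, remove the parameter and both secret resources in the same change. The trailing `//aiServices_m.listKeys().key1` comment refers to a symbol not visible here and could be dropped as well.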
@@ -462,6 +462,15 @@ resource aiDeveloperAccessProj 'Microsoft.Authorization/roleAssignments@2022-04- } } +resource aiDevelopertoAIProject 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid(aiServices.name, aiHubProject.id, aiDeveloper.id) + scope: aiServices + properties: { + roleDefinitionId: aiDeveloper.id + principalId: aiHubProject.identity.principalId + } +} + var cosmosAssignCli = 'az cosmosdb sql role assignment create --resource-group "${resourceGroup().name}" --account-name "${cosmos.name}" --role-definition-id "${cosmos::contributorRoleDefinition.id}" --scope "${cosmos.id}" --principal-id "${containerApp.identity.principalId}"' module managedIdentityModule 'deploy_managed_identity.bicep' = { diff --git a/infra/main.json b/infra/main.json index ccecd8751..5856f035b 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.35.1.17967", - "templateHash": "18228555099764132241" + "templateHash": "8798142813454376636" } }, "parameters": { @@ -546,6 +546,20 @@ "containerApp" ] }, + "aiDevelopertoAIProject": { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', variables('aiServicesName'))]", + "name": "[guid(variables('aiServicesName'), resourceId('Microsoft.MachineLearningServices/workspaces', format('{0}-aiproject', parameters('prefix'))), resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee'))]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee')]", + "principalId": "[reference('aiHubProject', '2024-01-01-preview', 'full').identity.principalId]" + }, + "dependsOn": [ + "aiHubProject", + "aiServices" + ] + }, "kvault": { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", 
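Review bot: The new `aiDevelopertoAIProject` role assignment omits `principalType`, so for a freshly created managed identity the assignment can fail until the principal has replicated in the directory. Adding `principalType: 'ServicePrincipal'` under `properties` avoids that. The assignment grants the `aiDeveloper` role on the whole `aiServices` account; if the project identity only needs to call the model deployments, a narrower data-plane role would be the least-privilege choice, which is worth confirming against what the AAD-authenticated hub connection actually requires. The `aiDeveloper` and `aiHubProject` declarations are outside the hunk.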
@@ -712,7 +726,7 @@ "_generator": { "name": "bicep", "version": "0.35.1.17967", - "templateHash": "9490638595753234802" + "templateHash": "12578060348489775267" } }, "parameters": { @@ -767,11 +781,8 @@ "properties": { "category": "AIServices", "target": "[parameters('aiServicesEndpoint')]", - "authType": "ApiKey", + "authType": "AAD", "isSharedToAll": true, - "credentials": { - "key": "[parameters('aiServicesKey')]" - }, "metadata": { "ApiType": "Azure", "ResourceId": "[parameters('aiServicesId')]"