Skip to content

Commit 1de3427

Browse files
blessing-sanusiblessing-sanusi
committed
exisitng ai project
1 parent dd5ade8 commit 1de3427

File tree

3 files changed

+78
-6
lines changed

3 files changed

+78
-6
lines changed

infra/deploy_ai_foundry.bicep

Lines changed: 75 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ var existingAIServiceResourceGroup = !empty(azureExistingAIProjectResourceId)
5353
? split(azureExistingAIProjectResourceId, '/')[4]
5454
: ''
5555
var aiSearchConnectionName = 'foundry-search-connection-${solutionName}'
56-
// var aiAppInsightConnectionName = 'foundry-app-insights-connection-${solutionName}'
56+
var aiAppInsightConnectionName = 'foundry-app-insights-connection-${solutionName}'
5757

5858
var aiModelDeployments = [
5959
{
@@ -219,6 +219,74 @@ module existing_AIProject_SearchConnectionModule 'deploy_aifp_aisearch_connectio
219219
}
220220
}
221221

222+
resource cognitiveServicesOpenAIUser 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
223+
name: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd'
224+
}
225+
226+
module assignOpenAIRoleToAISearch 'deploy_foundry_role_assignment.bicep' = {
227+
name: 'assignOpenAIRoleToAISearch'
228+
scope: resourceGroup(existingAIServiceSubscription, existingAIServiceResourceGroup)
229+
params: {
230+
roleDefinitionId: cognitiveServicesOpenAIUser.id
231+
roleAssignmentName: guid(resourceGroup().id, aiSearch.id, cognitiveServicesOpenAIUser.id, 'openai-foundry')
232+
aiFoundryName: !empty(azureExistingAIProjectResourceId) ? existingAIFoundryName : aiFoundryName
233+
aiProjectName: !empty(azureExistingAIProjectResourceId) ? existingAIProjectName : aiProjectName
234+
principalId: aiSearch.identity.principalId
235+
}
236+
}
237+
238+
@description('This is the built-in Search Index Data Reader role.')
239+
resource searchIndexDataReaderRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
240+
scope: aiSearch
241+
name: '1407120a-92aa-4202-b7e9-c0e197c71c8f'
242+
}
243+
244+
resource searchIndexDataReaderRoleAssignmentToAIFP 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (empty(azureExistingAIProjectResourceId)) {
245+
name: guid(aiSearch.id, aiFoundryProject.id, searchIndexDataReaderRoleDefinition.id)
246+
scope: aiSearch
247+
properties: {
248+
roleDefinitionId: searchIndexDataReaderRoleDefinition.id
249+
principalId: aiFoundryProject.identity.principalId
250+
principalType: 'ServicePrincipal'
251+
}
252+
}
253+
resource assignSearchIndexDataReaderToExistingAiProject 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (!empty(azureExistingAIProjectResourceId)) {
254+
name: guid(resourceGroup().id, existingAIProjectName, searchIndexDataReaderRoleDefinition.id, 'Existing')
255+
scope: aiSearch
256+
properties: {
257+
roleDefinitionId: searchIndexDataReaderRoleDefinition.id
258+
principalId: assignOpenAIRoleToAISearch.outputs.aiProjectPrincipalId
259+
principalType: 'ServicePrincipal'
260+
}
261+
}
262+
263+
@description('This is the built-in Search Service Contributor role.')
264+
resource searchServiceContributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
265+
scope: aiSearch
266+
name: '7ca78c08-252a-4471-8644-bb5ff32d4ba0'
267+
}
268+
269+
resource searchServiceContributorRoleAssignmentToAIFP 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (empty(azureExistingAIProjectResourceId)) {
270+
name: guid(aiSearch.id, aiFoundryProject.id, searchServiceContributorRoleDefinition.id)
271+
scope: aiSearch
272+
properties: {
273+
roleDefinitionId: searchServiceContributorRoleDefinition.id
274+
principalId: aiFoundryProject.identity.principalId
275+
principalType: 'ServicePrincipal'
276+
}
277+
}
278+
279+
resource searchServiceContributorRoleAssignmentExisting 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (!empty(azureExistingAIProjectResourceId)) {
280+
name: guid(resourceGroup().id, existingAIProjectName, searchServiceContributorRoleDefinition.id, 'Existing')
281+
scope: aiSearch
282+
properties: {
283+
roleDefinitionId: searchServiceContributorRoleDefinition.id
284+
principalId: assignOpenAIRoleToAISearch.outputs.aiProjectPrincipalId
285+
principalType: 'ServicePrincipal'
286+
}
287+
}
288+
289+
222290
resource tenantIdEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
223291
parent: keyVault
224292
name: 'TENANT-ID'
@@ -227,6 +295,7 @@ resource tenantIdEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' =
227295
}
228296
}
229297

298+
230299
resource azureOpenAIDeploymentModel 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
231300
parent: keyVault
232301
name: 'AZURE-OPEN-AI-DEPLOYMENT-MODEL'
@@ -247,9 +316,12 @@ resource azureOpenAIEndpointEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-
247316
parent: keyVault
248317
name: 'AZURE-OPENAI-ENDPOINT'
249318
properties: {
250-
value: aiFoundry.properties.endpoints['OpenAI Language Model Instance API'] //aiServices_m.properties.endpoint
319+
value: !empty(existingOpenAIEndpoint)
320+
? existingOpenAIEndpoint
321+
: aiFoundry.properties.endpoints['OpenAI Language Model Instance API']
251322
}
252-
}
323+
}
324+
253325

254326
resource azureSearchAdminKeyEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview' = {
255327
parent: keyVault

infra/deploy_app_service.bicep

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,7 @@ resource Website 'Microsoft.Web/sites@2020-06-01' = {
159159
alwaysOn: true
160160
ftpsState: 'Disabled'
161161
appSettings: [
162-
{
162+
{
163163
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
164164
value: reference(applicationInsightsId, '2015-05-01').InstrumentationKey
165165
}
@@ -401,7 +401,7 @@ module assignAiUserRoleToAiProject 'deploy_foundry_role_assignment.bicep' = {
401401
scope: resourceGroup(existingAIServiceSubscription, existingAIServiceResourceGroup)
402402
params: {
403403
principalId: Website.identity.principalId
404-
roleDefinitionId: aiUserRoleDefinitionFoundryProject.id
404+
roleDefinitionId: aiUserRoleDefinitionFoundry.id
405405
roleAssignmentName: guid(Website.name, aiFoundry.id, aiUserRoleDefinitionFoundry.id)
406406
aiFoundryName: !empty(azureExistingAIProjectResourceId) ? existingAIServicesName : aiFoundryName
407407
}

infra/main.bicep

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ param imageTag string = 'latest'
6565
param existingLogAnalyticsWorkspaceId string = ''
6666

6767
@description('Use this parameter to use an existing AI project resource ID')
68-
param azureExistingAIProjectResourceId string = ''
68+
param azureExistingAIProjectResourceId string = '/subscriptions/ff9b5430-90ea-44c0-8a00-e488c1bf56f4/resourceGroups/rg-bsanusi-5842/providers/Microsoft.CognitiveServices/accounts/bsanusi-5842-resource/projects/bsanusi-5842'
6969

7070
var solutionLocation = empty(AZURE_LOCATION) ? resourceGroup().location : AZURE_LOCATION
7171

0 commit comments

Comments
 (0)