update ai translation app policies

Author: VipulMascarenhas

ai-hub/ai-translation/policies/terraform/api_gateway.tf

@@ -40,6 +40,7 @@ resource "oci_apigateway_deployment" "ai_application_apigateway_deployment" {
           type                               = "OAUTH2"
           use_cookies_for_intermediate_steps = "true"
           use_cookies_for_session            = "true"
+          max_expiry_duration_in_hours       = 1
         }
         validation_policy {
           additional_validation_policy {

ai-hub/ai-translation/policies/terraform/container_instances.tf

@@ -4,7 +4,7 @@ resource "oci_container_instances_container_instance" "ai_container_instance" {
   compartment_id      = var.vcn_compartment_id
   containers {
     #Required
-    image_url = local.image
+    image_url = local.container_image
 
     #Optional
     environment_variables = {
@@ -16,7 +16,7 @@ resource "oci_container_instances_container_instance" "ai_container_instance" {
       NUM_WORKERS              = var.num_workers
       TASK_STORE               = "TMPDIR"
       LOG_DIR                  = var.translation_log_dir
-      PROJECT_COMPARTMENT_OCID = var.compartment_ocid
+      PROJECT_COMPARTMENT_OCID = var.data_science_project_compartment_id
       PROCESSING_JOB_OCID      = oci_datascience_job.ai_job.id
       OCI_CACHE_ENDPOINT       = var.oci_cache_endpoint
       BACKEND_MD_URL           = oci_datascience_model_deployment.ai_deployment.model_deployment_url

ai-hub/ai-translation/policies/terraform/datascience_job.tf

@@ -3,7 +3,7 @@ resource "oci_datascience_job" "ai_job" {
   # Required
   display_name   = var.job_display_name
   description    = local.job_desc
-  compartment_id = var.compartment_ocid
+  compartment_id = var.data_science_project_compartment_id
   project_id     = var.project_ocid
 
   job_configuration_details {
@@ -31,8 +31,8 @@ resource "oci_datascience_job" "ai_job" {
     job_environment_type = "OCIR_CONTAINER"
     image                = local.image
     # image_digest         = local.digest
-    entrypoint           = local.job_entrypoint
-    cmd                  = local.job_cmd
+    entrypoint = local.job_entrypoint
+    cmd        = local.job_cmd
   }
 
   # Logging

ai-hub/ai-translation/policies/terraform/identity_app.tf

@@ -14,7 +14,7 @@ resource "oci_identity_domains_app" "ai_application_confidential_app" {
   bypass_consent            = true
   allowed_grants            = ["authorization_code", "client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer", "implicit"]
   all_url_schemes_allowed   = true
-  redirect_uris             = ["https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/","https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui/playground", "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui", "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui/docs", "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui/"]
+  redirect_uris             = ["https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/", "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui/playground", "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui", "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui/docs", "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/ui/"]
   post_logout_redirect_uris = ["https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/"]
   audience                  = oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname
 }

ai-hub/ai-translation/policies/terraform/model.tf

@@ -27,9 +27,9 @@ data "archive_file" "model_zip" {
 
 # dummy Model catalog entry with artifact
 resource "oci_datascience_model" "ai_model" {
-  compartment_id = var.compartment_ocid
+  compartment_id = var.data_science_project_compartment_id
   project_id     = var.project_ocid
-  display_name = var.model_display_name
+  display_name   = var.model_display_name
   description    = local.model_desc
 
   # Upload artifact inline (ZIP created above)

ai-hub/ai-translation/policies/terraform/model_deployment.tf

@@ -3,7 +3,7 @@ resource "oci_datascience_model_deployment" "ai_deployment" {
   # Required
   display_name   = var.deployment_display_name
   description    = local.md_desc
-  compartment_id = var.compartment_ocid
+  compartment_id = var.data_science_project_compartment_id
   project_id     = var.project_ocid
 
   model_deployment_configuration_details {
@@ -29,7 +29,7 @@ resource "oci_datascience_model_deployment" "ai_deployment" {
     }
 
     environment_configuration_details {
-      image                          = local.image
+      image = local.image
       # image_digest                   = local.digest
       environment_configuration_type = "OCIR_CONTAINER"
       # Environment variables are customized based on the AI app.
@@ -42,24 +42,38 @@ resource "oci_datascience_model_deployment" "ai_deployment" {
         NUM_WORKERS                   = var.num_workers
         TASK_STORE                    = "TMPDIR",
         LOG_DIR                       = var.translation_log_dir
-        PROJECT_COMPARTMENT_OCID      = var.compartment_ocid
+        PROJECT_COMPARTMENT_OCID      = var.data_science_project_compartment_id
         PROCESSING_JOB_OCID           = oci_datascience_job.ai_job.id
         OCI_CACHE_ENDPOINT            = var.oci_cache_endpoint
-        MODEL_DEPLOY_CUSTOM_ENDPOINTS = "[{\"endpointURI\": \"/api/languages\", \"httpMethods\": [\"GET\"]}, {\"endpointURI\": \"/api/batch\", \"httpMethods\": [\"POST\"]}, {\"endpointURI\": \"/api/task\", \"httpMethods\": [\"GET\"]}, {\"endpointURI\": \"/api/translate\", \"httpMethods\": [\"GET\", \"POST\"]}, {\"endpointURI\": \"/api/translate\", \"httpMethods\": [\"POST\"], \"streaming\": true}]"
+        MODEL_DEPLOY_CUSTOM_ENDPOINTS = "[{\"endpointURI\": \"/api/languages\", \"httpMethods\": [\"GET\"]}, {\"endpointURI\": \"/api/batch\", \"httpMethods\": [\"POST\"]}, {\"endpointURI\": \"/api/task\", \"httpMethods\": [\"GET\"]}, {\"endpointURI\": \"/api/translate\", \"httpMethods\": [\"GET\", \"POST\"]}, {\"endpointURI\": \"/api/translate\", \"httpMethods\": [\"POST\"], \"streaming\": true}, {\"endpointURI\": \"/mcp/\", \"httpMethods\": [\"POST\"], \"streaming\": true}]"
       }
     }
   }
 
   # Logging, use the same log group and log ocid to reduce the variables.
-  category_log_details {
-    access {
-      log_group_id = var.log_group_ocid
-      log_id       = var.log_ocid
-    }
-    predict {
-      log_group_id = var.log_group_ocid
-      log_id       = var.log_ocid
+  dynamic "category_log_details" {
+    for_each = (
+      var.log_group_ocid != null && var.log_ocid != "" &&
+      var.log_group_ocid != null && var.log_ocid != ""
+    ) ? [1] : []
+
+    content {
+      access {
+        log_group_id = var.log_group_ocid
+        log_id       = var.log_ocid
+      }
+      predict {
+        log_group_id = var.log_group_ocid
+        log_id       = var.log_ocid
+      }
     }
   }
 
+  freeform_tags = {
+    "ai-hub-solution-name" = "LLM based translation"
+    "ai_solution_playground_url" = "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/"
+    "ai_solution_mcp_endpoint" = "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/mcp"
+    "ai_solution_api_endpoint_list_apis" = "https://${oci_apigateway_gateway.ai_application_oci_apigateway_gateway.hostname}/api/translate"
+  }
+
 }

ai-hub/ai-translation/policies/terraform/output.tf

@@ -5,7 +5,7 @@ output "base_url" {
 
 output "mcp_endpoint" {
   description = "MCP Endpoint"
-  value       = "${oci_apigateway_deployment.ai_application_apigateway_deployment.endpoint}mcp"
+  value       = "${oci_datascience_model_deployment.ai_deployment.model_deployment_url}/predictWithResponseStream/mcp/"
 }
 
 output "playground_ui" {
@@ -25,15 +25,15 @@ output "api_schema" {
 
 output "api_endpoint_default" {
   description = "API Endpoint - Translate"
-  value       = "${oci_apigateway_deployment.ai_application_apigateway_deployment.endpoint}api/translate"
+  value       = "${oci_datascience_model_deployment.ai_deployment.model_deployment_url}/predictWithResponseStream/api/translate"
 }
 
 output "api_endpoint_batch" {
   description = "API Endpoint - Batch Translation Job"
-  value       = "${oci_apigateway_deployment.ai_application_apigateway_deployment.endpoint}api/batch"
+  value       = "${oci_datascience_model_deployment.ai_deployment.model_deployment_url}/predict/api/batch"
 }
 
 output "api_endpoint_list_languages" {
   description = "API Endpoint - Supported Languages"
-  value       = "${oci_apigateway_deployment.ai_application_apigateway_deployment.endpoint}api/languages"
+  value       = "${oci_datascience_model_deployment.ai_deployment.model_deployment_url}/predict/api/languages"
 }

ai-hub/ai-translation/policies/terraform/policies.tf

@@ -0,0 +1,27 @@
+resource "oci_identity_dynamic_group" "ai_solution_group" {
+  compartment_id = var.tenancy_ocid
+  description    = "Dynamic Group for AI Solution"
+  name           = "ai_solution_group-${random_string.randomstring.result}"
+  matching_rule  = "any { all {resource.type='datasciencemodeldeployment',resource.compartment.id='${var.data_science_project_compartment_id}'}, all {resource.type='apigateway',resource.compartment.id='${var.compartment_ocid}'},all {resource.type='computecontainerinstance',resource.compartment.id='${var.vcn_compartment_id}'},all {resource.type='datasciencejobrun', resource.compartment.id='${var.data_science_project_compartment_id}'}}"
+}
+
+locals {
+  policies = [
+    "allow service datascience to use virtual-network-family in compartment id ${var.vcn_compartment_id}",
+    "allow dynamic-group ${oci_identity_dynamic_group.ai_solution_group.name} to manage secret-family in compartment id ${var.vault_compartment_id}",
+    "allow dynamic-group ${oci_identity_dynamic_group.ai_solution_group.name} to use virtual-network-family in compartment id ${var.vcn_compartment_id}",
+    "allow dynamic-group ${oci_identity_dynamic_group.ai_solution_group.name} to use logging-family in compartment id ${var.log_compartment_id}",
+    "allow dynamic-group ${oci_identity_dynamic_group.ai_solution_group.name} to manage data-science-family in compartment id ${var.data_science_project_compartment_id}",
+    "allow dynamic-group ${oci_identity_dynamic_group.ai_solution_group.name} to manage generative-ai-family in tenancy",
+    "allow dynamic-group ${oci_identity_dynamic_group.ai_solution_group.name} to manage generative-ai-family in compartment id ${var.data_science_project_compartment_id}",
+    "allow dynamic-group ${oci_identity_dynamic_group.ai_solution_group.name} to read repos in tenancy"
+  ]
+}
+
+resource "oci_identity_policy" "ai_solution_policies" {
+    compartment_id = "${var.tenancy_ocid}"
+    description    = "Dynamic group policies for AI Solution"
+    name           = "ai_solution_policies-${random_string.randomstring.result}"
+    statements     = local.policies
+    depends_on = [oci_identity_dynamic_group.ai_solution_group]
+}

ai-hub/ai-translation/policies/terraform/schema.yaml

@@ -16,13 +16,15 @@ variableGroups:
       - vcn_display_name
       - deployment_type
       - model_display_name
+      - shape
 
   - title: "General Configuration"
     variables:
       - compartment_ocid
       - availability_domain
-      - shape
+      - data_science_project_compartment_id
       - project_ocid
+      - log_compartment_id
       - log_group_ocid
       - log_ocid
   - title: "Application Configurations"
@@ -97,18 +99,30 @@ variables:
     title: Data Science Project
     description: The Data Science Project for creating model deployments and jobs.
     dependsOn:
-      compartmentId: ${compartment_ocid}
+      compartmentId: ${data_science_project_compartment_id}
+  log_compartment_id:
+    type: oci:identity:compartment:id
+    required: false
+    title: Logs Compartment Id
+    description: Compartment in which Log Group and Logs are present.
+    default: compartment_ocid
   log_group_ocid:
     type: string
-    required: true
+    required: false
     title: Log Group OCID
     description: Log Group OCID.
   log_ocid:
     type: string
-    required: true
+    required: false
     title: Log OCID
     description: Log OCID.
   # Application
+  data_science_project_compartment_id:
+    type: oci:identity:compartment:id
+    required: true
+    title: Data Science Project Compartment Id
+    description: Compartment in which Data Science Project is present.
+    default: compartment_ocid
   model_backend:
     type: enum
     required: true

ai-hub/ai-translation/policies/terraform/variables.tf

@@ -77,16 +77,30 @@ variable "key_id" {
   default     = "none"
 }
 
+variable "data_science_project_compartment_id" {
+  description = "Compartment in which Data Science Project is present"
+  type        = string
+}
+
 variable "project_ocid" {
-  type = string
+  type        = string
   description = "Data Science project in which resources needs to be created"
 }
 
+variable "log_compartment_id" {
+  description = "Compartment in which Logs are present"
+  type        = string
+}
+
 variable "log_group_ocid" {
-  default = "ocid1.loggroup.oc1.iad.amaaaaaav66vvniaidjweu7sgg5qgx7yzri5yb4xw3qnqsg6szl2xdh7scka"
+  type        = string
+  description = "Log Group Ocid where logs will be stored"
+  default = ""
 }
 variable "log_ocid" {
-  default = "ocid1.log.oc1.iad.amaaaaaav66vvnia3h4o6otedz4lz23zex6z2pei6yjqszb7zdfswaa5srca"
+  type        = string
+  description = "Log ocid where where logs needs to be stored"
+  default = ""
 }
 
 variable "shape" {
@@ -167,13 +181,14 @@ locals {
   app_subnet_id    = (var.create_new_vcn ? oci_core_subnet.app_oci_core_subnet[0].id : var.existing_app_subnet_id)
   api_gw_subnet_id = (var.create_new_vcn ? oci_core_subnet.api_gw_oci_core_subnet[0].id : var.existing_api_gw_subnet_id)
 
-  image          = "dsmc://ai-translation:0.1.0-dev.16"
-  digest         = "sha256:124f2834142305c3f53f63d0c3f8aa071b9180d50f1c8c17fbf66937f183804c"
+  container_image = "iad.ocir.io/id1ytzpctjnn/dsmc/aisolution/ai_translation:0.1.0"
+  image          = "dsmc://ai_translation:0.1.0"
+  digest         = "sha256:381d884387b7015eb02c7eb7c4d4e9d125249befd2a425f0811cf282d47065ae"
   job_desc       = "Job for batch translation"
   job_entrypoint = ["python"]
   job_cmd        = ["/opt/app/batch.py"]
   md_desc        = "Deployment for AI translation Application"
-  model_desc = "Data Science Model for AI Translation Deployment"
+  model_desc     = "Data Science Model for AI Translation Deployment"
 }