Sample Application (#49)

* App Sample - init commit, app servce bicep, bicep cleanup, auth scripts

* Sample app - auth automation

* App Sample - bicep updates and cleanup WIP

* Sample app - removed index creation from infra, workspace cleanup, private conn fixes

* Sample app - added initial docs, infra cleanup

* App - setup instructions

* App - Virtual Network refactoring, key vault purge fix

* App - added secrets to keyvault. doc updates

* App - documentation updates

* App - minor docs update

* App - azure.yaml update for multiple hook scripts for quota and auth_init

* Rebuilt main.json. added warning lint removal for dependson

* feat: Added Data ingestion script & fixes for Sample App (#63)

* add cognitive avm content
change api to preview
remove hub and project from foundry folder
add cognitive module calling the revised avm content.

* update to api version
added project to avm module

* remove aihub aiproject

* update name outputs for project

* update parameter outputs

* removed duplicate cognitive
added proj name output

* updates to deployment and service connections

* update errors for proj

* add location

* location added to project

* add preview to api for project

* update projname

* update name length

* update length of project name

* remove connection

* name changed

* pass cognitive name to existing

* update cognitive name

* storage connection

* update project

* add additional parameters

* add search connection to project

* update project api

* update search resource name

* update main

* update storage connection name

* storage account existing connection added

* update storage account info

* update storage api

* storage name

* update the storage name

* update category to storage

* update storage connection category to AzureBlob

* update storage name

* add cosmos (without flag check)
add default container for storage

* update cosmos settings

* update cosmosdb parameters in project

* cosmosdb parameters

* add api version metadata

* cosmosdb connection api set to 04-01

* remove cosmos references

* add cosmos

* apply disable local auth to project

* adding network acl parameter to aiservicesaccount

* change property to deny from null

* update CKM enforcement to disabled

* update the network acl parameter to allow azure services, and to add the subnet rule.

* Add cogntive service user to aiServices module by default.
This solves the inability to reach the index from within AI Foundry

* Update role assignments for search service. Add Search Index contributor and Search Index Reader to user

* Added additional role to user for Cognitive Services Contributor.  Control Plane API call access

* Add AI Developer role to user

* Add UserObjectID parameter to aisearch module in main.bicep

* add the AI Developer role by id and not name

* update the role definition ID for AI Developer

* removal of the Azure AI Developer role provisioning

* added dependency for project connection. for search

* add searchEnabled param to main

* remove cognitive

* update cosmos db api

* update if search enabled

* Add Azure AI Developer role name

* remove cosmosdb

* remove existing cosmosdb

* restore cosmos db

* update cosmosdb api

* Add conditional checks for cosmos

* update cosmosdbName

* update cosmosdb name cosmosDBname

* update parameter name cosmosDBname

* change search service dns to private and not public url

* changed it back to normal endpoint public for resolution

* add private end point to project

* update vnet parameters for project

* added conditional check to search name

* add one conditional check to search in project deployment line 251

* update private end point parameter

* update vm and subnet name parameters

* update network parameters

* update subnet id for project pep

* update the private link connection for project

* revert back to foundry

* update to readme for 1RP

* update change log with updates

* Add additional documentation

* Readme updates related to FDP updates

* Updates to configuration documentation

* removed mention of one-click deploy

* Add links to the new resources in cognitive services

* update infra dwg
update links

* update to network acl

* update to project creation

* testing of AVM modle pr

* remove project parameters

* Update to avm pr code

* update the image path

* update defaultName

* fix: Fixed issues when networkisolation flag is set to false

* feat: Added Secrets to keyvault which would be used to run the data ingestion script & fixed the issue related to authentication

* feat: Added scripts to chunck and ingest data into azure search service

* fix: Removed unused param

* feat: Added the Roles required to execute the script through VM

* fix: Added role assignments & identity for vm

* feat: Added changes for running script through VM

* fix: Added missing role assignments

* fix: Updated scripts to test VM

* fix: Updated powershell code

* fix: Added Logs

* fix: Added more loga

* refactor: Different approach to ingest data

* replace the in place module with the avm pattern module path

* fix: Updated script

* fix: Seggregated installtion of python

* fix: Created diff scripts

* fix: Refresh environment variables

* fix: Collecting python logs

* fix: Removed logs on python

* fix: Added logs

* fix: Updated logic for python installation

* fix: Use extarcted python package

* fix: test dns resolution

* fic: Updated host

* fix: Updated host

* fix: Updated host

* fix: Deployment Issue with AZD version 1.17 fixed

* feat: Updated the main.json

* docs: Added Note related to AZD issues with 1.17.0 version

* corrected readme

* fix: fixed Project name to 12 characters

* updates to remove AML calls to import.

* fix: Updated scripts

* Quota - implemented AZD quota check, removed model array for embedding and gpt only, removed scripts

* Quota - documentation and main.json

* Disabled no-unnecessary-dependson warnings

* Search - fixed bug where roleassignments was not being used

* refactor: Modified the output variables

* fix: Resolved the conflict issues

* fix: Sample APP deployment issue

* fix: AI project location to be same as Congnitive service account

* feat: Updated boolean based flags to propmpy user for inputs as AZD issue is fixed

* fix: Added the changes related to auth update

* fix: Added python path

* fix: Updated python script to download the file to specific path

* fix: Updated the message

* fix: Added sample data & updated script to support non-waf deployment

* fix: Fix issues related to codespace

* chore: Updated the sample data set

* fix: Modified code to process files from local folder while running locally

* fix: Updated scripts for Codespace

* fix: Updated the path

* fix: File names updated

* fix: File names updated

---------

Co-authored-by: mswantek68 <46489667+mswantek68@users.noreply.github.com>
Co-authored-by: Mike Swantek <mike.swantek@microsoft.com>
Co-authored-by: Rohini-Microsoft <v-rwalunj@microsoft.com>
Co-authored-by: Seth <sethsteenken@microsoft.com>

---------

Author: sethsteenken

.gitignore

@@ -1,4 +1,4 @@
 .vscode
 .vs
 .venv
-__pycache__
+__pycache__

README.md

@@ -53,6 +53,7 @@ Offers ability to [start with an existing Azure AI Project](docs/transfer_projec
 4. If deploying from your [local environment](docs/local_environment_steps.md), install the [Azure CLI (AZ)](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) and the [Azure Developer CLI (AZD)](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/install-azd?tabs=winget-windows%2Cbrew-mac%2Cscript-linux&pivots=os-windows).
 5. If deploying via [GitHub Codespaces](docs/github_code_spaces_steps.md) - requires the user to be on a GitHub Team or Enterprise Cloud plan.
 6. If leveraging [GitHub Actions](docs/github_actions_steps.md).
+7. Optionally [include a sample AI chat application](/docs/sample_app_setup.md) with the deployment.
 
 ### Check Azure OpenAI Quota Availability  
 
@@ -90,6 +91,8 @@ QUICK DEPLOY
 ## Connect to and validate access to the new environment 
 Follow the post deployment steps [Post Deployment Steps](docs/github_code_spaces_steps.md) to connect to the isolated environment.
 
+## Deploy Sample Application with the new environment
+Optionally include a [sample AI chat application](/docs/sample_app_setup.md) to showcase a production AI application deployed to a secure environment.
 
 ## Deploy your application in the isolated environment
 - Leverage the Microsoft Learn documentation to provision an app service instance within your secure network [Configure Web App](https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/on-your-data-configuration#azure-ai-foundry-portal)

azure.yaml

@@ -1,17 +1,42 @@
-name: deploy-your-ai-application-in-production
-infra:
-    provider: "bicep"
-metadata:
-  template: deploy-your-ai-application-in-production@1.0
-hooks:
-  preup:
-    windows:
-      shell: pwsh
-      run: ./scripts/set_conns_env_vars.ps1
-      interactive: true
-      continueOnError: false
-    posix:
-      shell: sh
-      run: chmod u+r+x ./scripts/set_conns_env_vars.sh; ./scripts/set_conns_env_vars.sh
-      interactive: true
-      continueOnError: false
+name: deploy-your-ai-application-in-production
+
+requiredVersions:
+  azd: ">=1.15.0 !=1.17.1"
+infra:
+    provider: "bicep"
+metadata:
+  template: deploy-your-ai-application-in-production@1.0
+hooks:
+  preup:
+    windows:
+      shell: pwsh
+      run: ./scripts/set_conns_env_vars.ps1
+      interactive: true
+      continueOnError: false
+    posix:
+      shell: sh
+      run: sudo chmod u+r+x ./scripts/set_conns_env_vars.sh; sudo ./scripts/set_conns_env_vars.sh
+      interactive: true
+      continueOnError: false
+  preprovision:
+    posix:
+      shell: sh
+      run: sudo chmod u+r+x ./scripts/auth_init.sh; sudo ./scripts/auth_init.sh
+      interactive: true
+      continueOnError: false
+    windows:
+      shell: pwsh
+      run: ./scripts/auth_init.ps1
+      interactive: true
+      continueOnError: false
+  postprovision:
+      posix:
+        shell: sh
+        run: sudo chmod u+r+x ./scripts/process_sample_data.sh; sudo chmod u+r+x ./scripts/postprovision.sh; sudo ./scripts/postprovision.sh
+        interactive: true
+        continueOnError: false 
+      windows:
+        shell: pwsh
+        run: ./scripts/postprovision.ps1;
+        interactive: true
+        continueOnError: false

data/PerksPlus.pdf

@@ -0,0 +1,84 @@
+# Setup Sample Application
+
+This solution includes an optional sample AI chat application that can be instantiaed along with the other resources to showcase a production-ready, end-to-end application running securly on Azure. Application image is pulled from a public registry and the [source code can be found here](https://github.com/microsoft/sample-app-aoai-chatGPT).
+
+## Pre-Deployment
+
+### Setup Entra App Registration
+
+The sample application requires an [application registration in Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app). This is used for authentication. The deployment process will automatically create the application registration by default or an existing applicaiton registration can be used.
+
+#### Create Application Registration Automatically
+
+Following the steps below and executing a deployment will automatically create the Application Registration in Microsoft Entra and set the required environment variables. The application registration will then be used for that AZD environment when deploying. The executing user will need sufficient permissions on the tenant to create registrations (like the [Application Developer role](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#application-developer)).
+
+#### Use Existing Application Registration
+
+In the Azure Portal, either [create a new registration](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) or navigate to an existing registration.
+
+* Note the *Application (client) ID* and *Object ID* displayed on the overview page.
+* Navigate to "Certificates & secrets" > "New client secret".
+* Enter a description and expiration, then click "Add".
+* Copy and securely store the generated client secret value, as it will not be shown again.
+
+The client ID and client secret are required for authenticating your application with Microsoft Entra.
+
+Set the following environment variables after establishing an AZD environment:
+
+```sh
+azd env set 'AZURE_AUTH_APP_ID' '<your-object-id>'
+azd env set 'AZURE_AUTH_CLIENT_ID' '<your-client-id>'
+azd env set 'AZURE_AUTH_CLIENT_SECRET' '<your-client-secret>'
+```
+
+## Deployment
+
+### Setup Environment Variables
+
+In order to have the sample application infrastructure deployed, certain parameter requirements must be met. Set specific environment variables listed in the below AZD command block after setting up a new AZD environment and prior to running `azd up` to properly deploy the sample application. 
+
+```sh
+azd env set 'AZURE_APP_SAMPLE_ENABLED' 'true'
+azd env set 'AZURE_AI_SEARCH_ENABLED' 'true'
+azd env set 'AZURE_COSMOS_DB_ENABLED' 'true'
+```
+
+### AI Models Parameter Requirements
+
+Also, the `aiModelDeployments` parameter in the [main.parameters.json](/infra/main.parameters.json) must contain two AI model deployments in this specific order (Note: the default values meet these requirements):
+
+1. Text Embedding model (e.g., `text-embedding-ada-002`, `text-embedding-3-small`, `text-embedding-3-large`)
+2. Chat Completion model (e.g., `gpt-4`, `gpt-4o`, `gpt-4o-mini`)
+
+### Deploy
+
+Follow the [standard deployment guide](./local_environment_steps.md).
+
+## Post-Deployment
+
+1. **Access AI Foundry**
+    - Connect to your VM jump box using Azure Bastion.
+    - Once connected, browse to the Azure Portal
+    - Select the Azure AI Project resource and load the AI Foundry
+
+2. **Create a Data Source**
+    - In AI Foundry, select *Data + Indexes*, and click *+New Data*
+    - For Data Source, select to Upload Files/Folders, then Upload Files
+    - Give the Data Source a name and click Create    
+
+3. **Create an Index**
+    - In AI Foundry, select *Data + Indexes*, and click *+New Index*
+    - Select your Data Source
+    - Choose the existing Azure Cognitive Search service
+    - Keep the suggested Index name or supply a different name
+    - In the Search settings, select the *text-embedding-3-model* model deployment.
+    - Review and click Create Vector Index. Note this can take a few minutes to complete.
+
+4. **Update App Service Environment Variable**
+    - After indexing completes, note the name of your new Index.
+    - In the Azure Portal, navigate to the Azure App Service and update the relevant Environment Variable in the Configuration with this Index name.
+
+5. **Launch and Use the Application**
+    - Navigate to the Azure App Service in the Azure Portal
+    - Browse application and begin chatting with your data.
+