added bicep

Harmanpreet Kaur · Harmanpreet Kaur · commit 25d6626a5319 · 2025-05-20T11:11:58.000+05:30
diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep
@@ -1,7 +1,4 @@
 // Creates Azure dependent resources for Azure AI studio
-@minLength(3)
-@maxLength(15)
-@description('Solution Name')
 param solutionName string
 param solutionLocation string
 param keyVaultName string
@@ -11,7 +8,6 @@ param managedIdentityObjectId string
 param aiServicesEndpoint string
 param aiServicesKey string
 param aiServicesId string
-
 var abbrs = loadJsonContent('./abbreviations.json')
 var storageName = '${abbrs.storage.storageAccount}${solutionName}hubst'
 var storageSkuName = 'Standard_LRS'
@@ -27,7 +23,6 @@ var aiProjectFriendlyName = aiProjectName
 var aiSearchName = '${abbrs.ai.aiSearch}${solutionName}'
 
 
-
 resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
   name: keyVaultName
 }
@@ -45,9 +40,7 @@ resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
 }
 
 
-var storageNameCleaned = replace(replace(replace(replace('${storageName}cast', '-', ''), '_', ''), '.', ''),'/', '')
-
-
+var storageNameCleaned = replace(storageName, '-', '')
 
 
 resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
@@ -119,7 +112,7 @@ resource storageroleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-
 }
 
 resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview' = {
-  name: azureAiHubName
+  name: aiHubName
   location: location
   identity: {
     type: 'SystemAssigned'
@@ -136,7 +129,7 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2023-08-01-preview'
   kind: 'hub'
 
   resource aiServicesConnection 'connections@2024-07-01-preview' = {
-    name: '${azureAiHubName}-connection-AzureOpenAI'
+    name: '${aiHubName}-connection-AzureOpenAI'
     properties: {
       category: 'AIServices'
       target: aiServicesEndpoint
@@ -305,5 +298,3 @@ output storageAccountName string = storageNameCleaned
 
 output logAnalyticsId string = logAnalytics.id
 output storageAccountId string = storage.id
-
-output projectConnectionString string = '${split(aiHubProject.properties.discoveryUrl, '/')[2]};${subscription().subscriptionId};${resourceGroup().name};${aiHubProject.name}'
diff --git a/infra/deploy_keyvault.bicep b/infra/deploy_keyvault.bicep
@@ -35,7 +35,9 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
     enabledForDeployment: true
     enabledForDiskEncryption: true
     enabledForTemplateDeployment: true
+    enableSoftDelete: false
     enableRbacAuthorization: true
+    enablePurgeProtection: true
     publicNetworkAccess: 'enabled'
     sku: {
       family: 'A'
diff --git a/infra/deploy_managed_identity.bicep b/infra/deploy_managed_identity.bicep
@@ -10,10 +10,8 @@ param solutionName string
 param solutionLocation string
 
 @description('Name')
-
 param miName string 
 
-
 resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
   name: miName
   location: solutionLocation
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -1,11 +1,9 @@
 @minLength(3)
-
 @maxLength(10)
 @description('Prefix for all resources created by this template.  This prefix will be used to create unique names for all resources.  The prefix must be unique within the resource group.')
 param ResourcePrefix string 
 var abbrs = loadJsonContent('./abbreviations.json')
 
-
 @allowed([
   'australiaeast'
   'brazilsouth'
@@ -32,13 +30,24 @@ var abbrs = loadJsonContent('./abbreviations.json')
   'westus3'
 ])
 @description('Location for all Ai services resources. This location can be different from the resource group location.')
-param AzureAiServiceLocation string  // The location used for all deployed resources.  This location must be in the same region as the resource group.
+param AiLocation string  // The location used for all deployed resources.  This location must be in the same region as the resource group.
 param capacity int = 5
 
-var uniqueId = toLower(uniqueString(subscription().id, safePrefix, resourceGroup().location))
-var UniquePrefix = 'cm${padLeft(take(uniqueId, 12), 12, '0')}'
-var ResourcePrefix = take('cm${safePrefix}${UniquePrefix}', 15)
-var imageVersion = 'latest'
+
+@description('A unique prefix for all resources in this deployment. This should be 3-10 characters long:')
+//param environmentName string 
+var randomString = substring(uniqueString(resourceGroup().id), 0, 4)
+@description('The location used for all deployed resources')
+// Generate a unique string based on the base name and a unique identifier
+//var uniqueSuffix = uniqueString(resourceGroup().id, ResourcePrefix)
+
+// Take the first 4 characters of the unique string to use as a suffix
+//var randomSuffix = substring(ResourcePrefix, 0, min(10, length(ResourcePrefix)))
+
+// Combine the base name with the random suffix
+var finalName = '${ResourcePrefix}-${randomString}'
+
+var imageVersion = 'rc1'
 var location  = resourceGroup().location
 var dblocation  = resourceGroup().location
 var cosmosdbDatabase  = 'cmsadb'
@@ -48,15 +57,14 @@ var cosmosdbLogContainer  = 'cmsalog'
 var deploymentType  = 'GlobalStandard'
 var containerName  = 'appstorage'
 var llmModel  = 'gpt-4o'
+var prefixCleaned = replace(toLower(finalName), '-', '')
 var storageSkuName = 'Standard_LRS'
-
 var storageContainerName = '${abbrs.storage.storageAccount}${prefixCleaned}'
 var gptModelVersion = '2024-08-06'
 var aiServicesName = '${abbrs.ai.aiServices}${prefixCleaned}'
 
 
 
-
 var aiModelDeployments = [
   {
     name: llmModel
@@ -70,26 +78,24 @@ var aiModelDeployments = [
   }
 ]
 
-resource azureAiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' = {
-  name: azureAiServicesName
+resource aiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' = {
+  name: aiServicesName
   location: location
   sku: {
     name: 'S0'
   }
   kind: 'AIServices'
   properties: {
-
     customSubDomainName: aiServicesName
     apiProperties: {
      // statisticsEnabled: false
     }
-
   }
 }
 
 @batchSize(1)
-resource azureAiServicesDeployments 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for aiModeldeployment in aiModelDeployments: {
-  parent: azureAiServices //aiServices_m
+resource aiServicesDeployments 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for aiModeldeployment in aiModelDeployments: {
+  parent: aiServices //aiServices_m
   name: aiModeldeployment.name
   properties: {
     model: {
@@ -111,10 +117,8 @@ resource azureAiServicesDeployments 'Microsoft.CognitiveServices/accounts/deploy
 module managedIdentityModule 'deploy_managed_identity.bicep' = {
   name: 'deploy_managed_identity'
   params: {
-
     miName:'${abbrs.security.managedIdentity}${prefixCleaned}'
     solutionName: prefixCleaned
-
     solutionLocation: location 
   }
   scope: resourceGroup(resourceGroup().name)
@@ -125,10 +129,8 @@ module managedIdentityModule 'deploy_managed_identity.bicep' = {
 module kvault 'deploy_keyvault.bicep' = {
   name: 'deploy_keyvault'
   params: {
-
     keyvaultName: '${abbrs.security.keyVault}${prefixCleaned}'
     solutionName: prefixCleaned
-
     solutionLocation: location
     managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
   }
@@ -137,40 +139,38 @@ module kvault 'deploy_keyvault.bicep' = {
 
 
 // ==========AI Foundry and related resources ========== //
-module azureAifoundry 'deploy_ai_foundry.bicep' = {
+module aifoundry 'deploy_ai_foundry.bicep' = {
   name: 'deploy_ai_foundry'
   params: {
-    solutionName: ResourcePrefix
-    solutionLocation: AzureAiServiceLocation
+    solutionName: prefixCleaned
+    solutionLocation: AiLocation
     keyVaultName: kvault.outputs.keyvaultName
     gptModelName: llmModel
     gptModelVersion: gptModelVersion
     managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
-    aiServicesEndpoint: azureAiServices.properties.endpoint
-    aiServicesKey: azureAiServices.listKeys().key1
-    aiServicesId: azureAiServices.id
+    aiServicesEndpoint: aiServices.properties.endpoint
+    aiServicesKey: aiServices.listKeys().key1
+    aiServicesId: aiServices.id
   }
   scope: resourceGroup(resourceGroup().name)
 }
 
 module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.9.1' = {
-  name: toLower('${ResourcePrefix}conAppsEnv')
+  name: toLower('${prefixCleaned}conAppsEnv')
   params: {
-    logAnalyticsWorkspaceResourceId: azureAifoundry.outputs.logAnalyticsId
-    name: toLower('${ResourcePrefix}manenv')
+    logAnalyticsWorkspaceResourceId: aifoundry.outputs.logAnalyticsId
+    name: toLower('${prefixCleaned}manenv')
     location: location
     zoneRedundant: false
     managedIdentities: managedIdentityModule
   }
 }
 
 module databaseAccount 'br/public:avm/res/document-db/database-account:0.9.0' = {
-  name: toLower('${ResourcePrefix}cosmos')
+  name: toLower('${prefixCleaned}database')
   params: {
     // Required parameters
-
     name: toLower('${abbrs.databases.cosmosDBDatabase}${prefixCleaned}databaseAccount')
-
     // Non-required parameters
     enableAnalyticalStorage: true
     location: dblocation
@@ -234,9 +234,7 @@ module databaseAccount 'br/public:avm/res/document-db/database-account:0.9.0' =
 }
 
 module containerAppFrontend 'br/public:avm/res/app/container-app:0.13.0' = {
-
   name: toLower('${abbrs.containers.containerApp}${prefixCleaned}containerAppFrontend')
-
   params: {
     managedIdentities: {
       systemAssigned: true
@@ -266,19 +264,15 @@ module containerAppFrontend 'br/public:avm/res/app/container-app:0.13.0' = {
     scaleMinReplicas: 1
     scaleMaxReplicas: 1
     environmentResourceId: containerAppsEnvironment.outputs.resourceId
-
     name: toLower('${abbrs.containers.containerApp}${prefixCleaned}containerFrontend')
-
     // Non-required parameters
     location: location
   }
 }
 
 
 resource containerAppBackend 'Microsoft.App/containerApps@2023-05-01' = {
-
   name: toLower('${abbrs.containers.containerApp}${prefixCleaned}containerBackend')
-
   location: location
   identity: {
     type: 'SystemAssigned'
@@ -331,7 +325,7 @@ resource containerAppBackend 'Microsoft.App/containerApps@2023-05-01' = {
             }
             {
               name: 'AZURE_OPENAI_ENDPOINT'
-              value: 'https://${azureAifoundry.outputs.aiServicesName}.openai.azure.com/'
+              value: 'https://${aifoundry.outputs.aiServicesName}.openai.azure.com/'
             }
             {
               name: 'MIGRATOR_AGENT_MODEL_DEPLOY'
@@ -361,26 +355,6 @@ resource containerAppBackend 'Microsoft.App/containerApps@2023-05-01' = {
               name: 'TERMINATION_MODEL_DEPLOY'
               value: llmModel
             }
-            {
-              name: 'AZURE_AI_AGENT_MODEL_DEPLOYMENT_NAME'
-              value: llmModel
-            }
-            {
-              name: 'AZURE_AI_AGENT_PROJECT_NAME'
-              value: azureAifoundry.outputs.aiProjectName
-            }
-            {
-              name: 'AZURE_AI_AGENT_RESOURCE_GROUP_NAME'
-              value: resourceGroup().name
-            }
-            {
-              name: 'AZURE_AI_AGENT_SUBSCRIPTION_ID'
-              value: subscription().subscriptionId
-            }
-            {
-              name: 'AZURE_AI_AGENT_PROJECT_CONNECTION_STRING'
-              value: azureAifoundry.outputs.projectConnectionString
-            }
           ]
           resources: {
             cpu: 1
@@ -454,7 +428,7 @@ var openAiContributorRoleId = 'a001fd3d-188f-4b5d-821b-7da978bf7442'  // Fixed R
 
 resource openAiRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   name: guid(containerAppBackend.id, openAiContributorRoleId)
-  scope: azureAiServices
+  scope: aiServices
   properties: {
     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', openAiContributorRoleId) // OpenAI Service Contributor
     principalId: containerAppBackend.identity.principalId
@@ -471,25 +445,9 @@ resource containers 'Microsoft.Storage/storageAccounts/blobServices/containers@2
   properties: {
     publicAccess: 'None'
   }
-  dependsOn: [azureAifoundry]
+  dependsOn: [aifoundry]
 }]
 
-resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-01-01-preview' existing = {
-  name: '${ResourcePrefix}-prj' // aiProjectName must be calculated - available at main start.
-}
-
-resource aiDeveloper 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
-  name: '64702f94-c441-49e6-a78b-ef80e0188fee'
-}
-
-resource aiDeveloperAccessProj 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(containerAppBackend.name, aiHubProject.id, aiDeveloper.id)
-  scope: aiHubProject
-  properties: {
-    roleDefinitionId: aiDeveloper.id
-    principalId: containerAppBackend.identity.principalId
-  }
-}
 
 resource contributorRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-06-15' existing = {
   name: '${databaseAccount.name}/00000000-0000-0000-0000-000000000002'
diff --git a/infra/main.bicepparam b/infra/main.bicepparam
@@ -1,4 +1,4 @@
 using './main.bicep'
 
-param AzureAiServiceLocation = readEnvironmentVariable('AZURE_LOCATION','japaneast')
-param Prefix = readEnvironmentVariable('AZURE_ENV_NAME','azdtemp')
+param AiLocation = readEnvironmentVariable('AZURE_LOCATION','japaneast')
+param ResourcePrefix = readEnvironmentVariable('AZURE_ENV_NAME','azdtemp')
diff --git a/infra/main.json b/infra/main.json
diff --git a/src/backend/requirements.txt b/src/backend/requirements.txt
