Skip to content

Commit

Permalink
adding initial use-case setup for Gen AI on Azure (#517)
Browse files Browse the repository at this point in the history 
* adding AI search and some minor bug fixes

* adding auxiliary services
  • Loading branch information
@krnese
krnese authored Jan 31, 2024
1 parent 803993f commit 41a4444
Show file tree
Hide file tree
Showing 6 changed files with 772 additions and 8 deletions.
280 changes: 277 additions & 3 deletions fsi/solutions/generativeAi/EnterpriseAIPortal.json
View file

Large diffs are not rendered by default.

236 changes: 233 additions & 3 deletions fsi/solutions/generativeAi/aoaiArm.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -309,6 +309,57 @@
"No"
],
"defaultValue": "No"
},
"aiSearchSubnetId": {
"type": "string",
"metadata": {
"description": "Provide the subnet id where the Azure Open AI instance that will be connected"
},
"defaultValue": ""
},
"aiSearchSystemIdentity": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
},
"aiSearchNwLocation": {
"type": "string",
"defaultValue": "[parameters('location')]"
},
"aiSearchDisableNetworkAccess": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
},
"aiSearchRbacAuthz": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
},
"aiSearchEncryption": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
},
"aiUseCaseDeployment": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
}
},
"variables": {
Expand All @@ -319,10 +370,12 @@
"azureOpenAiTemplateUri": "[uri(deployment().properties.templateLink.uri, 'azureOpenAi.json')]",
"rgKeyVersionTemplateUri": "[uri(deployment().properties.templateLink.uri, 'rgKey.json')]",
"rgAzureOpenAiObjectIdTemplateUri": "[uri(deployment().properties.templateLink.uri, 'rgAzureAiObjectId.json')]",
"rgAzureAiSearchObjectIdTemplateUri": "[uri(deployment().properties.templateLink.uri, 'rgAzureAiObjectId.json')]",
"rgRbacTemplateUri": "[uri(deployment().properties.templateLink.uri, 'rgRbac.json')]",
"azureOpenAiCmkTemplateUri": "[uri(deployment().properties.templateLink.uri, 'cmkAzureOpenAi.json')]",
"azureOpenAiModelTemplateUri": "[uri(deployment().properties.templateLink.uri, 'modelDeployment.json')]",
"azureOpenAiContentFilterTemplateUri": "[uri(deployment().properties.templateLink.uri, 'contentFilter.json')]"
"azureOpenAiContentFilterTemplateUri": "[uri(deployment().properties.templateLink.uri, 'contentFilter.json')]",
"azureAiSearchTemplateUri": "[uri(deployment().properties.templateLink.uri, 'azureAiSearch.json')]"
},
"deploymentSuffix": "[concat('-', deployment().location, guid(parameters('prefix')))]",
"deploymentNames": {
Expand All @@ -331,12 +384,17 @@
"storageDeploymentName": "[take(concat(parameters('prefix'), '-sa', variables('deploymentSuffix')), 64)]",
"azureOpenAiDeploymentName": "[take(concat(parameters('prefix'), '-aoa', variables('deploymentSuffix')), 64)]",
"rgKeyVersionDeploymentName": "[take(concat(parameters('prefix'), '-key', variables('deploymentSuffix')), 64)]",
"rgAzureAiObjectIdDeploymentName": "[take(concat(parameters('prefix'), '-objectId', variables('deploymentSuffix')), 64)]",
"rgAzureAiObjectIdDeploymentName": "[take(concat(parameters('prefix'), '-ai-objectId', variables('deploymentSuffix')), 64)]",
"rgAzureAiSearchObjectIdDeploymentName": "[take(concat(parameters('prefix'), '-search-objectId', variables('deploymentSuffix')), 64)]",
"rgRbac1DeploymentName": "[take(concat(parameters('prefix'), '-rbac1', variables('deploymentSuffix')), 64)]",
"rgRbac2DeploymentName": "[take(concat(parameters('prefix'), '-rbac2', variables('deploymentSuffix')), 64)]",
"rgRbac3DeploymentName": "[take(concat(parameters('prefix'), '-rbac3', variables('deploymentSuffix')), 64)]",
"rgRbac4DeploymentName": "[take(concat(parameters('prefix'), '-rbac4', variables('deploymentSuffix')), 64)]",
"rgRbac5DeploymentName": "[take(concat(parameters('prefix'), '-rbac5', variables('deploymentSuffix')), 64)]",
"azureOpenAiFinalDeploymentName": "[take(concat(parameters('prefix'), '-aoacmk', variables('deploymentSuffix')), 64)]",
"azureOpenAiModelDeploymentName": "[take(concat(parameters('prefix'), '-aoaModel', variables('deploymentSuffix')), 64)]",
"azureOpenAIContentFilterDeploymentName": "[take(concat(parameters('prefix'), '-aoaContentFilter', variables('deploymentSuffix')), 64)]"
"azureOpenAIContentFilterDeploymentName": "[take(concat(parameters('prefix'), '-aoaContentFilter', variables('deploymentSuffix')), 64)]",
"azureAiSearchDeploymentName": "[take(concat(parameters('prefix'), 'aaisearch', variables('deploymentSuffix')), 64)]"
},
"resourceNames": {
"rgName": "[concat(parameters('prefix'), '-rg-', parameters('location'))]"
Expand Down Expand Up @@ -561,6 +619,59 @@
}
}
},
// Deploying Azure AI Search
{
"condition": "[equals(parameters('aiUseCaseDeployment'), 'Yes')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[variables('deploymentNames').azureAiSearchDeploymentName]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]",
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]",
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureOpenAiDeploymentName)]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "[variables('templateUris').azureAiSearchTemplateUri]"
},
"parameters": {
"rgName": {
"value": "[variables('resourceNames').rgName]"
},
"location": {
"value": "[parameters('location')]"
},
"userIdentity": {
"value": "[parameters('userIdentity')]"
},
"aiSearchRbacAuthz": {
"value": "[parameters('aiSearchRbacAuthz')]"
},
"aiSearchSubnetId": {
"value": "[parameters('aiSearchSubnetId')]"
},
"prefix": {
"value": "[parameters('prefix')]"
},
"aiSearchNwLocation": {
"value": "[parameters('aiNwLocation')]"
},
"aiSearchDisableNetworkAccess": {
"value": "[parameters('aiSearchDisableNetworkAccess')]"
},
"aiSearchSystemIdentity": {
"value": "[parameters('aiSearchSystemIdentity')]"
},
"aiSearchEncryption": {
"value": "[parameters('aiSearchEncryption')]"
}
}
}
},
// Retrieving objectId of the AOAI System Identity
{
"condition": "[equals(parameters('aiSystemIdentity'), 'Yes')]",
"type": "Microsoft.Resources/deployments",
Expand All @@ -586,6 +697,34 @@
}
}
},
// Retrieving objectId of the AI Search System Identity
{
"condition": "[and(equals(parameters('aiSearchSystemIdentity'), 'Yes'), equals(parameters('aiSystemIdentity'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName]",
"resourceGroup": "[variables('resourceNames').rgName]",
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureOpenAiDeploymentName)]",
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureAiSearchDeploymentName)]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "[variables('templateUris').rgAzureAiSearchObjectIdTemplateUri]"
},
"parameters": {
"prefix": {
"value": "[parameters('prefix')]"
},
"location": {
"value": "[parameters('location')]"
}
}
}
},
// Consider to remove this deployment
{
"condition": "[equals(parameters('aiSystemIdentity'), 'Yes')]",
"type": "Microsoft.Resources/deployments",
Expand Down Expand Up @@ -614,6 +753,7 @@
}
}
},
// Creating Role Assignment for AOAI on Key Vault for Key Vault Crypto Service Encryption User role
{
"condition": "[equals(parameters('aiSystemIdentity'), 'Yes')]",
"type": "Microsoft.Resources/deployments",
Expand Down Expand Up @@ -642,6 +782,96 @@
}
}
},
// Creating Role Assignment for AOAI on AI Search using Search Index Data Reader role
{
"condition": "[and(equals(parameters('aiSearchSystemIdentity'), 'Yes'), equals(parameters('aiSystemIdentity'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[variables('deploymentNames').rgRbac3DeploymentName]",
"resourceGroup": "[variables('resourceNames').rgName]",
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiObjectIdDeploymentName)]",
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName)]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "[variables('templateUris').rgRbacTemplateUri]"
},
"parameters": {
"roleDefinitionId": {
"value": "1407120a-92aa-4202-b7e9-c0e197c71c8f"
},
"principalType": {
"value": "ServicePrincipal"
},
"principalId": {
"value": "[if(and(equals(parameters('aiSearchSystemIdentity'), 'Yes'), equals(parameters('aiSystemIdentity'), 'Yes')), reference(variables('deploymentNames').rgAzureAiObjectIdDeploymentName).outputs.systemIdentityId.value, '')]"
}
}
}
},
// Creating Role Assignment for AOAI on AI Search using Search Service Contributor role
{
"condition": "[and(equals(parameters('aiSearchSystemIdentity'), 'Yes'), equals(parameters('aiSystemIdentity'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[variables('deploymentNames').rgRbac4DeploymentName]",
"resourceGroup": "[variables('resourceNames').rgName]",
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiObjectIdDeploymentName)]",
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureAiSearchDeploymentName)]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "[variables('templateUris').rgRbacTemplateUri]"
},
"parameters": {
"roleDefinitionId": {
"value": "7ca78c08-252a-4471-8644-bb5ff32d4ba0"
},
"principalType": {
"value": "ServicePrincipal"
},
"principalId": {
"value": "[if(and(equals(parameters('aiSearchSystemIdentity'), 'Yes'), equals(parameters('aiSystemIdentity'), 'Yes')), reference(variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName).outputs.systemIdentityId.value, '')]"
}
}
}
},
// Creating Role Assignment for AI Search on AOAI using Cognitive Services Open AI Contributor role
{
"condition": "[and(equals(parameters('aiSearchSystemIdentity'), 'Yes'), equals(parameters('aiSystemIdentity'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[variables('deploymentNames').rgRbac5DeploymentName]",
"resourceGroup": "[variables('resourceNames').rgName]",
"dependsOn": [
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiObjectIdDeploymentName)]",
"[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureAiSearchDeploymentName)]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "[variables('templateUris').rgRbacTemplateUri]"
},
"parameters": {
"roleDefinitionId": {
"value": "a001fd3d-188f-4b5d-821b-7da978bf7442"
},
"principalType": {
"value": "ServicePrincipal"
},
"principalId": {
"value": "[if(and(equals(parameters('aiSystemIdentity'), 'Yes'), equals(parameters('aiSearchSystemIdentity'), 'Yes')), reference(variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName).outputs.systemIdentityId.value, '')]"
}
}
}
},
{
"condition": "[not(empty(parameters('aiCmkKeyName')))]",
"type": "Microsoft.Resources/deployments",
Expand Down
Loading

0 comments on commit 41a4444

Please sign in to comment.