infra: add iac and config

.gitignore

@@ -3,6 +3,10 @@
 ##
 ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore
 
+## Azure Developer CLI output
+.azure/
+.azure/**
+
 # User-specific files
 *.rsuser
 *.suo

azure.yaml

@@ -0,0 +1,19 @@
+name: azure-openai-assistant-javascript@1.0.0
+services:
+  webapp:
+    project: ./
+    dist: dist
+    language: js
+    host: staticwebapp
+    hooks:
+      predeploy:
+        windows:
+          shell: pwsh
+          run: npm run build
+          interactive: false
+          continueOnError: false
+        posix:
+          shell: sh
+          run: npm run build
+          interactive: false
+          continueOnError: false

infra/abbreviations.json

@@ -0,0 +1,135 @@
+{
+  "analysisServicesServers": "as",
+  "apiManagementService": "apim-",
+  "appConfigurationConfigurationStores": "appcs-",
+  "appManagedEnvironments": "cae-",
+  "appContainerApps": "ca-",
+  "authorizationPolicyDefinitions": "policy-",
+  "automationAutomationAccounts": "aa-",
+  "blueprintBlueprints": "bp-",
+  "blueprintBlueprintsArtifacts": "bpa-",
+  "cacheRedis": "redis-",
+  "cdnProfiles": "cdnp-",
+  "cdnProfilesEndpoints": "cdne-",
+  "cognitiveServicesAccounts": "cog-",
+  "cognitiveServicesFormRecognizer": "cog-fr-",
+  "cognitiveServicesTextAnalytics": "cog-ta-",
+  "computeAvailabilitySets": "avail-",
+  "computeCloudServices": "cld-",
+  "computeDiskEncryptionSets": "des",
+  "computeDisks": "disk",
+  "computeDisksOs": "osdisk",
+  "computeGalleries": "gal",
+  "computeSnapshots": "snap-",
+  "computeVirtualMachines": "vm",
+  "computeVirtualMachineScaleSets": "vmss-",
+  "containerInstanceContainerGroups": "ci",
+  "containerRegistryRegistries": "cr",
+  "containerServiceManagedClusters": "aks-",
+  "databricksWorkspaces": "dbw-",
+  "dataFactoryFactories": "adf-",
+  "dataLakeAnalyticsAccounts": "dla",
+  "dataLakeStoreAccounts": "dls",
+  "dataMigrationServices": "dms-",
+  "dBforMySQLServers": "mysql-",
+  "dBforPostgreSQLServers": "psql-",
+  "devicesIotHubs": "iot-",
+  "devicesProvisioningServices": "provs-",
+  "devicesProvisioningServicesCertificates": "pcert-",
+  "documentDBDatabaseAccounts": "cosmos-",
+  "eventGridDomains": "evgd-",
+  "eventGridDomainsTopics": "evgt-",
+  "eventGridEventSubscriptions": "evgs-",
+  "eventHubNamespaces": "evhns-",
+  "eventHubNamespacesEventHubs": "evh-",
+  "hdInsightClustersHadoop": "hadoop-",
+  "hdInsightClustersHbase": "hbase-",
+  "hdInsightClustersKafka": "kafka-",
+  "hdInsightClustersMl": "mls-",
+  "hdInsightClustersSpark": "spark-",
+  "hdInsightClustersStorm": "storm-",
+  "hybridComputeMachines": "arcs-",
+  "insightsActionGroups": "ag-",
+  "insightsComponents": "appi-",
+  "keyVaultVaults": "kv-",
+  "kubernetesConnectedClusters": "arck",
+  "kustoClusters": "dec",
+  "kustoClustersDatabases": "dedb",
+  "logicIntegrationAccounts": "ia-",
+  "logicWorkflows": "logic-",
+  "machineLearningServicesWorkspaces": "mlw-",
+  "managedIdentityUserAssignedIdentities": "id-",
+  "managementManagementGroups": "mg-",
+  "migrateAssessmentProjects": "migr-",
+  "networkApplicationGateways": "agw-",
+  "networkApplicationSecurityGroups": "asg-",
+  "networkAzureFirewalls": "afw-",
+  "networkBastionHosts": "bas-",
+  "networkConnections": "con-",
+  "networkDnsZones": "dnsz-",
+  "networkExpressRouteCircuits": "erc-",
+  "networkFirewallPolicies": "afwp-",
+  "networkFirewallPoliciesWebApplication": "waf",
+  "networkFirewallPoliciesRuleGroups": "wafrg",
+  "networkFrontDoors": "fd-",
+  "networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
+  "networkLoadBalancersExternal": "lbe-",
+  "networkLoadBalancersInternal": "lbi-",
+  "networkLoadBalancersInboundNatRules": "rule-",
+  "networkLocalNetworkGateways": "lgw-",
+  "networkNatGateways": "ng-",
+  "networkNetworkInterfaces": "nic-",
+  "networkNetworkSecurityGroups": "nsg-",
+  "networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
+  "networkNetworkWatchers": "nw-",
+  "networkPrivateDnsZones": "pdnsz-",
+  "networkPrivateLinkServices": "pl-",
+  "networkPublicIPAddresses": "pip-",
+  "networkPublicIPPrefixes": "ippre-",
+  "networkRouteFilters": "rf-",
+  "networkRouteTables": "rt-",
+  "networkRouteTablesRoutes": "udr-",
+  "networkTrafficManagerProfiles": "traf-",
+  "networkVirtualNetworkGateways": "vgw-",
+  "networkVirtualNetworks": "vnet-",
+  "networkVirtualNetworksSubnets": "snet-",
+  "networkVirtualNetworksVirtualNetworkPeerings": "peer-",
+  "networkVirtualWans": "vwan-",
+  "networkVpnGateways": "vpng-",
+  "networkVpnGatewaysVpnConnections": "vcn-",
+  "networkVpnGatewaysVpnSites": "vst-",
+  "notificationHubsNamespaces": "ntfns-",
+  "notificationHubsNamespacesNotificationHubs": "ntf-",
+  "operationalInsightsWorkspaces": "log-",
+  "portalDashboards": "dash-",
+  "powerBIDedicatedCapacities": "pbi-",
+  "purviewAccounts": "pview-",
+  "recoveryServicesVaults": "rsv-",
+  "resourcesResourceGroups": "rg-",
+  "searchSearchServices": "srch-",
+  "serviceBusNamespaces": "sb-",
+  "serviceBusNamespacesQueues": "sbq-",
+  "serviceBusNamespacesTopics": "sbt-",
+  "serviceEndPointPolicies": "se-",
+  "serviceFabricClusters": "sf-",
+  "signalRServiceSignalR": "sigr",
+  "sqlManagedInstances": "sqlmi-",
+  "sqlServers": "sql-",
+  "sqlServersDataWarehouse": "sqldw-",
+  "sqlServersDatabases": "sqldb-",
+  "sqlServersDatabasesStretch": "sqlstrdb-",
+  "storageStorageAccounts": "st",
+  "storageStorageAccountsVm": "stvm",
+  "storSimpleManagers": "ssimp",
+  "streamAnalyticsCluster": "asa-",
+  "synapseWorkspaces": "syn",
+  "synapseWorkspacesAnalyticsWorkspaces": "synw",
+  "synapseWorkspacesSqlPoolsDedicated": "syndp",
+  "synapseWorkspacesSqlPoolsSpark": "synsp",
+  "timeSeriesInsightsEnvironments": "tsi-",
+  "webServerFarms": "plan-",
+  "webSitesAppService": "app-",
+  "webSitesAppServiceEnvironment": "ase-",
+  "webSitesFunctions": "func-",
+  "webStaticSites": "stapp-"
+}

infra/core/ai/cognitiveservices.bicep

@@ -0,0 +1,55 @@
+metadata description = 'Creates an Azure Cognitive Services instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+  name: 'S0'
+}
+
+param allowedIpRules array = []
+param networkAcls object = empty(allowedIpRules) ? {
+  defaultAction: 'Allow'
+} : {
+  ipRules: allowedIpRules
+  defaultAction: 'Deny'
+}
+param disableLocalAuth bool = false
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    customSubDomainName: customSubDomainName
+    publicNetworkAccess: publicNetworkAccess
+    networkAcls: networkAcls
+    disableLocalAuth: disableLocalAuth
+  }
+  sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
+  parent: account
+  name: deployment.name
+  properties: {
+    model: deployment.model
+    raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+  }
+  sku: contains(deployment, 'sku') ? deployment.sku : {
+    name: 'Standard'
+    capacity: 20
+  }
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name

infra/core/host/staticwebapp.bicep

@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure Static Web Apps instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object = {
+  name: 'Free'
+  tier: 'Free'
+}
+
+resource web 'Microsoft.Web/staticSites@2023-01-01' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  properties: {
+    provider: 'Custom'
+  }
+}
+
+output name string = web.name
+output uri string = 'https://${web.properties.defaultHostname}'

infra/core/search/search-services.bicep

@@ -0,0 +1,68 @@
+metadata description = 'Creates an Azure AI Search instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object = {
+  name: 'standard'
+}
+
+param authOptions object = {}
+param disableLocalAuth bool = false
+param disabledDataExfiltrationOptions array = []
+param encryptionWithCmk object = {
+  enforcement: 'Unspecified'
+}
+@allowed([
+  'default'
+  'highDensity'
+])
+param hostingMode string = 'default'
+param networkRuleSet object = {
+  bypass: 'None'
+  ipRules: []
+}
+param partitionCount int = 1
+@allowed([
+  'enabled'
+  'disabled'
+])
+param publicNetworkAccess string = 'enabled'
+param replicaCount int = 1
+@allowed([
+  'disabled'
+  'free'
+  'standard'
+])
+param semanticSearch string = 'disabled'
+
+var searchIdentityProvider = (sku.name == 'free') ? null : {
+  type: 'SystemAssigned'
+}
+
+resource search 'Microsoft.Search/searchServices@2021-04-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  // The free tier does not support managed identity
+  identity: searchIdentityProvider
+  properties: {
+    authOptions: disableLocalAuth ? null : authOptions
+    disableLocalAuth: disableLocalAuth
+    disabledDataExfiltrationOptions: disabledDataExfiltrationOptions
+    encryptionWithCmk: encryptionWithCmk
+    hostingMode: hostingMode
+    networkRuleSet: networkRuleSet
+    partitionCount: partitionCount
+    publicNetworkAccess: publicNetworkAccess
+    replicaCount: replicaCount
+    semanticSearch: semanticSearch
+  }
+  sku: sku
+}
+
+output id string = search.id
+output endpoint string = 'https://${name}.search.windows.net/'
+output name string = search.name
+output principalId string = !empty(searchIdentityProvider) ? search.identity.principalId : ''
+

infra/core/security/role.bicep

@@ -0,0 +1,21 @@
+metadata description = 'Creates a role assignment for a service principal.'
+param principalId string
+
+@allowed([
+  'Device'
+  'ForeignGroup'
+  'Group'
+  'ServicePrincipal'
+  'User'
+])
+param principalType string = 'ServicePrincipal'
+param roleDefinitionId string
+
+resource role 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, resourceGroup().id, principalId, roleDefinitionId)
+  properties: {
+    principalId: principalId
+    principalType: principalType
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+  }
+}