diff --git a/code/backend/batch/utilities/helpers/env_helper.py b/code/backend/batch/utilities/helpers/env_helper.py index 9e1a843e5..1b78c2e80 100644 --- a/code/backend/batch/utilities/helpers/env_helper.py +++ b/code/backend/batch/utilities/helpers/env_helper.py @@ -165,7 +165,7 @@ def __load_config(self, **kwargs) -> None: "Unsupported DATABASE_TYPE. Please set DATABASE_TYPE to 'CosmosDB' or 'PostgreSQL'." ) - self.AZURE_AUTH_TYPE = os.getenv("AZURE_AUTH_TYPE", "keys") + self.AZURE_AUTH_TYPE = os.getenv("AZURE_AUTH_TYPE", "rbac") # Azure OpenAI self.AZURE_OPENAI_RESOURCE = os.getenv("AZURE_OPENAI_RESOURCE", "") # Fetch AZURE_OPENAI_MODEL_INFO from environment @@ -233,6 +233,7 @@ def __load_config(self, **kwargs) -> None: self.AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION = os.getenv( "AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION", "2023-04-15" ) + self.FUNCTION_KEY = os.getenv("FUNCTION_KEY", "") # Initialize Azure keys based on authentication type and environment settings. # When AZURE_AUTH_TYPE is "rbac", azure keys are None or an empty string. @@ -241,6 +242,7 @@ def __load_config(self, **kwargs) -> None: self.AZURE_OPENAI_API_KEY = "" self.AZURE_SPEECH_KEY = None self.AZURE_COMPUTER_VISION_KEY = None + self.FUNCTION_KEY = self.secretHelper.get_secret("FUNCTION_KEY") else: self.AZURE_SEARCH_KEY = self.secretHelper.get_secret("AZURE_SEARCH_KEY") self.AZURE_OPENAI_API_KEY = self.secretHelper.get_secret( @@ -268,7 +270,6 @@ def __load_config(self, **kwargs) -> None: os.environ["OPENAI_API_VERSION"] = self.OPENAI_API_VERSION # Azure Functions - Batch processing self.BACKEND_URL = os.getenv("BACKEND_URL", "http://localhost:7071") - self.FUNCTION_KEY = os.getenv("FUNCTION_KEY") self.AzureWebJobsStorage = os.getenv("AzureWebJobsStorage", "") self.DOCUMENT_PROCESSING_QUEUE_NAME = os.getenv( "DOCUMENT_PROCESSING_QUEUE_NAME", "doc-processing" diff --git a/infra/app/adminweb.bicep b/infra/app/adminweb.bicep index f6ee49fc1..0a530d1f0 100644 --- a/infra/app/adminweb.bicep +++ b/infra/app/adminweb.bicep @@ -1,9 +1,6 @@ param name string param location string = resourceGroup().location param tags object = {} -param storageAccountName string = '' -param formRecognizerName string = '' -param contentSafetyName string = '' param allowedOrigins array = [] param appServicePlanId string param appCommandLine string = 'python -m streamlit run Admin.py --server.port 8000 --server.address 0.0.0.0 --server.enableXsrfProtection false' @@ -11,24 +8,10 @@ param runtimeName string = 'python' param runtimeVersion string = '' param applicationInsightsName string = '' param keyVaultName string = '' -param azureOpenAIName string = '' -param azureAISearchName string = '' -param speechServiceName string = '' -param computerVisionName string = '' @secure() param appSettings object = {} -param useKeyVault bool -param openAIKeyName string = '' -param storageAccountKeyName string = '' -param formRecognizerKeyName string = '' -param searchKeyName string = '' -param computerVisionKeyName string = '' -param contentSafetyKeyName string = '' -param speechKeyName string = '' -param authType string param dockerFullImageName string = '' param useDocker bool = dockerFullImageName != '' -param databaseType string = 'CosmosDB' // 'CosmosDB' or 'PostgreSQL' module adminweb '../core/host/appservice.bicep' = { name: '${name}-app-module' @@ -45,95 +28,13 @@ module adminweb '../core/host/appservice.bicep' = { scmDoBuildDuringDeployment: useDocker ? false : true applicationInsightsName: applicationInsightsName appServicePlanId: appServicePlanId - managedIdentity: databaseType == 'PostgreSQL' || !empty(keyVaultName) - appSettings: union(appSettings, { - AZURE_AUTH_TYPE: authType - USE_KEY_VAULT: useKeyVault ? useKeyVault : '' - AZURE_OPENAI_API_KEY: useKeyVault - ? openAIKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - azureOpenAIName - ), - '2023-05-01' - ).key1 - AZURE_SEARCH_KEY: useKeyVault - ? searchKeyName - : (azureAISearchName != '' - ? listAdminKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.Search/searchServices', - azureAISearchName - ), - '2021-04-01-preview' - ).primaryKey - : '') - AZURE_BLOB_ACCOUNT_KEY: useKeyVault - ? storageAccountKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.Storage/storageAccounts', - storageAccountName - ), - '2021-09-01' - ).keys[0].value - AZURE_FORM_RECOGNIZER_KEY: useKeyVault - ? formRecognizerKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - formRecognizerName - ), - '2023-05-01' - ).key1 - AZURE_CONTENT_SAFETY_KEY: useKeyVault - ? contentSafetyKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - contentSafetyName - ), - '2023-05-01' - ).key1 - AZURE_SPEECH_SERVICE_KEY: useKeyVault - ? speechKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - speechServiceName - ), - '2023-05-01' - ).key1 - AZURE_COMPUTER_VISION_KEY: (useKeyVault || computerVisionName == '') - ? computerVisionKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - computerVisionName - ), - '2023-05-01' - ).key1 - }) + managedIdentity: !empty(keyVaultName) + appSettings: appSettings } } // Storage Blob Data Contributor -module storageRoleBackend '../core/security/role.bicep' = if (authType == 'rbac') { +module storageRoleBackend '../core/security/role.bicep' = { name: 'storage-role-backend' params: { principalId: adminweb.outputs.identityPrincipalId @@ -143,7 +44,7 @@ module storageRoleBackend '../core/security/role.bicep' = if (authType == 'rbac' } // Cognitive Services User -module openAIRoleBackend '../core/security/role.bicep' = if (authType == 'rbac') { +module openAIRoleBackend '../core/security/role.bicep' = { name: 'openai-role-backend' params: { principalId: adminweb.outputs.identityPrincipalId @@ -155,7 +56,7 @@ module openAIRoleBackend '../core/security/role.bicep' = if (authType == 'rbac') // Contributor // This role is used to grant the service principal contributor access to the resource group // See if this is needed in the future. -module openAIRoleBackendContributor '../core/security/role.bicep' = if (authType == 'rbac') { +module openAIRoleBackendContributor '../core/security/role.bicep' = { name: 'openai-role-backend-contributor' params: { principalId: adminweb.outputs.identityPrincipalId @@ -165,7 +66,7 @@ module openAIRoleBackendContributor '../core/security/role.bicep' = if (authType } // Search Index Data Contributor -module searchRoleBackend '../core/security/role.bicep' = if (authType == 'rbac') { +module searchRoleBackend '../core/security/role.bicep' = { name: 'search-role-backend' params: { principalId: adminweb.outputs.identityPrincipalId @@ -174,7 +75,7 @@ module searchRoleBackend '../core/security/role.bicep' = if (authType == 'rbac') } } -module adminwebaccess '../core/security/keyvault-access.bicep' = if (useKeyVault) { +module adminwebaccess '../core/security/keyvault-access.bicep' = { name: 'adminweb-keyvault-access' params: { keyVaultName: keyVaultName diff --git a/infra/app/function.bicep b/infra/app/function.bicep index 10a9e6dd9..e0588e8a7 100644 --- a/infra/app/function.bicep +++ b/infra/app/function.bicep @@ -11,23 +11,7 @@ param runtimeVersion string = '' @secure() param clientKey string param keyVaultName string = '' -param azureOpenAIName string = '' -param azureAISearchName string = '' -param formRecognizerName string = '' -param contentSafetyName string = '' -param speechServiceName string = '' -param computerVisionName string = '' -param useKeyVault bool -param openAIKeyName string = '' -param storageAccountKeyName string = '' -param formRecognizerKeyName string = '' -param searchKeyName string = '' -param computerVisionKeyName string = '' -param contentSafetyKeyName string = '' -param speechKeyName string = '' -param authType string param dockerFullImageName string = '' -param databaseType string module function '../core/host/functions.bicep' = { name: '${name}-app-module' @@ -42,92 +26,8 @@ module function '../core/host/functions.bicep' = { runtimeName: runtimeName runtimeVersion: runtimeVersion dockerFullImageName: dockerFullImageName - useKeyVault: useKeyVault - managedIdentity: databaseType == 'PostgreSQL' || !empty(keyVaultName) - appSettings: union(appSettings, { - WEBSITES_ENABLE_APP_SERVICE_STORAGE: 'false' - AZURE_AUTH_TYPE: authType - USE_KEY_VAULT: useKeyVault ? useKeyVault : '' - AZURE_OPENAI_API_KEY: useKeyVault - ? openAIKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - azureOpenAIName - ), - '2023-05-01' - ).key1 - AZURE_SEARCH_KEY: useKeyVault - ? searchKeyName - : (azureAISearchName != '' - ? listAdminKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.Search/searchServices', - azureAISearchName - ), - '2021-04-01-preview' - ).primaryKey - : '') - AZURE_BLOB_ACCOUNT_KEY: useKeyVault - ? storageAccountKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.Storage/storageAccounts', - storageAccountName - ), - '2021-09-01' - ).keys[0].value - AZURE_FORM_RECOGNIZER_KEY: useKeyVault - ? formRecognizerKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - formRecognizerName - ), - '2023-05-01' - ).key1 - AZURE_CONTENT_SAFETY_KEY: useKeyVault - ? contentSafetyKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - contentSafetyName - ), - '2023-05-01' - ).key1 - AZURE_SPEECH_SERVICE_KEY: useKeyVault - ? speechKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - speechServiceName - ), - '2023-05-01' - ).key1 - AZURE_COMPUTER_VISION_KEY: (useKeyVault || computerVisionName == '') - ? computerVisionKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - computerVisionName - ), - '2023-05-01' - ).key1 - }) + managedIdentity: !empty(keyVaultName) + appSettings: appSettings } } @@ -159,7 +59,7 @@ resource waitFunctionDeploymentSection 'Microsoft.Resources/deploymentScripts@20 } // Cognitive Services User -module openAIRoleFunction '../core/security/role.bicep' = if (authType == 'rbac') { +module openAIRoleFunction '../core/security/role.bicep' = { name: 'openai-role-function' params: { principalId: function.outputs.identityPrincipalId @@ -171,7 +71,7 @@ module openAIRoleFunction '../core/security/role.bicep' = if (authType == 'rbac' // Contributor // This role is used to grant the service principal contributor access to the resource group // See if this is needed in the future. -module openAIRoleFunctionContributor '../core/security/role.bicep' = if (authType == 'rbac') { +module openAIRoleFunctionContributor '../core/security/role.bicep' = { name: 'openai-role-function-contributor' params: { principalId: function.outputs.identityPrincipalId @@ -181,7 +81,7 @@ module openAIRoleFunctionContributor '../core/security/role.bicep' = if (authTyp } // Search Index Data Contributor -module searchRoleFunction '../core/security/role.bicep' = if (authType == 'rbac') { +module searchRoleFunction '../core/security/role.bicep' = { name: 'search-role-function' params: { principalId: function.outputs.identityPrincipalId @@ -191,7 +91,7 @@ module searchRoleFunction '../core/security/role.bicep' = if (authType == 'rbac' } // Storage Blob Data Contributor -module storageBlobRoleFunction '../core/security/role.bicep' = if (authType == 'rbac') { +module storageBlobRoleFunction '../core/security/role.bicep' = { name: 'storage-blob-role-function' params: { principalId: function.outputs.identityPrincipalId @@ -201,7 +101,7 @@ module storageBlobRoleFunction '../core/security/role.bicep' = if (authType == ' } // Storage Queue Data Contributor -module storageQueueRoleFunction '../core/security/role.bicep' = if (authType == 'rbac') { +module storageQueueRoleFunction '../core/security/role.bicep' = { name: 'storage-queue-role-function' params: { principalId: function.outputs.identityPrincipalId @@ -210,7 +110,7 @@ module storageQueueRoleFunction '../core/security/role.bicep' = if (authType == } } -module functionaccess '../core/security/keyvault-access.bicep' = if (useKeyVault) { +module functionaccess '../core/security/keyvault-access.bicep' = { name: 'function-keyvault-access' params: { keyVaultName: keyVaultName diff --git a/infra/app/machinelearning.bicep b/infra/app/machinelearning.bicep index e1538dfef..726974b86 100644 --- a/infra/app/machinelearning.bicep +++ b/infra/app/machinelearning.bicep @@ -1,7 +1,6 @@ param location string param workspaceName string param storageAccountId string -param keyVaultId string param applicationInsightsId string param azureAISearchName string param azureAISearchEndpoint string @@ -16,7 +15,6 @@ resource machineLearningWorkspace 'Microsoft.MachineLearningServices/workspaces@ } properties: { storageAccount: storageAccountId - keyVault: keyVaultId applicationInsights: applicationInsightsId } } diff --git a/infra/app/storekeys.bicep b/infra/app/storekeys.bicep index db513d9f4..aa8f37aa6 100644 --- a/infra/app/storekeys.bicep +++ b/infra/app/storekeys.bicep @@ -1,131 +1,11 @@ -param keyVaultName string = '' -param storageAccountName string = '' -param azureOpenAIName string = '' -param azureAISearchName string = '' -param rgName string = '' -param formRecognizerName string = '' -param contentSafetyName string = '' -param speechServiceName string = '' -param computerVisionName string = '' -param postgresServerName string = '' // PostgreSQL server name -param postgresDatabaseName string = 'postgres' // Default database name -param postgresInfoName string = 'AZURE-POSTGRESQL-INFO' // Secret name for PostgreSQL info -param postgresDatabaseAdminUserName string = '' -param storageAccountKeyName string = 'AZURE-STORAGE-ACCOUNT-KEY' -param openAIKeyName string = 'AZURE-OPENAI-API-KEY' -param searchKeyName string = 'AZURE-SEARCH-KEY' -param formRecognizerKeyName string = 'AZURE-FORM-RECOGNIZER-KEY' -param contentSafetyKeyName string = 'AZURE-CONTENT-SAFETY-KEY' -param speechKeyName string = 'AZURE-SPEECH-KEY' -param computerVisionKeyName string = 'AZURE-COMPUTER-VISION-KEY' -param cosmosAccountKeyName string = 'AZURE-COSMOSDB-ACCOUNT-KEY' -param cosmosAccountName string = '' +param keyVaultName string +param clientkey string -resource storageAccountKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { +resource clientKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { parent: keyVault - name: storageAccountKeyName + name: 'FUNCTION-KEY' properties: { - value: listKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.Storage/storageAccounts', storageAccountName), - '2021-09-01' - ).keys[0].value - } -} - -resource openAIKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: openAIKeyName - properties: { - value: listKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.CognitiveServices/accounts', azureOpenAIName), - '2023-05-01' - ).key1 - } -} - -resource searchKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = if (azureAISearchName != '') { - parent: keyVault - name: searchKeyName - properties: { - value: listAdminKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.Search/searchServices', azureAISearchName), - '2021-04-01-preview' - ).primaryKey - } -} - -resource formRecognizerKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: formRecognizerKeyName - properties: { - value: listKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.CognitiveServices/accounts', formRecognizerName), - '2023-05-01' - ).key1 - } -} - -resource contentSafetyKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: contentSafetyKeyName - properties: { - value: listKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.CognitiveServices/accounts', contentSafetyName), - '2023-05-01' - ).key1 - } -} - -resource speechKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: speechKeyName - properties: { - value: listKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.CognitiveServices/accounts', speechServiceName), - '2023-05-01' - ).key1 - } -} - -resource computerVisionKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = if (computerVisionName != '') { - parent: keyVault - name: computerVisionKeyName - properties: { - value: computerVisionName != '' - ? listKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.CognitiveServices/accounts', computerVisionName), - '2023-05-01' - ).key1 - : '' - } -} - -// Add PostgreSQL info in JSON format -resource postgresInfoSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = if (postgresServerName != '') { - parent: keyVault - name: postgresInfoName - properties: { - value: postgresServerName != '' - ? string({ - user: postgresDatabaseAdminUserName - dbname: postgresDatabaseName - host: postgresServerName - }) - : '' - } -} - -// Conditional CosmosDB key secret -resource cosmosDbAccountKey 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = if (cosmosAccountName != '') { - parent: keyVault - name: cosmosAccountKeyName - properties: { - value: cosmosAccountName != '' - ? listKeys( - resourceId(subscription().subscriptionId, rgName, 'Microsoft.DocumentDB/databaseAccounts', cosmosAccountName), - '2022-08-15' - ).primaryMasterKey - : '' + value: clientkey } } @@ -133,12 +13,4 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { name: keyVaultName } -output CONTENT_SAFETY_KEY_NAME string = contentSafetyKeySecret.name -output FORM_RECOGNIZER_KEY_NAME string = formRecognizerKeySecret.name -output SEARCH_KEY_NAME string = azureAISearchName != '' ? searchKeySecret.name : '' -output OPENAI_KEY_NAME string = openAIKeySecret.name -output STORAGE_ACCOUNT_KEY_NAME string = storageAccountKeySecret.name -output SPEECH_KEY_NAME string = speechKeySecret.name -output COMPUTER_VISION_KEY_NAME string = computerVisionName != '' ? computerVisionKeySecret.name : '' -output COSMOS_ACCOUNT_KEY_NAME string = cosmosAccountName != '' ? cosmosDbAccountKey.name : '' -output POSTGRESQL_INFO_NAME string = postgresServerName != '' ? postgresInfoSecret.name : '' +output FUNCTION_KEY string = clientKeySecret.name diff --git a/infra/app/web.bicep b/infra/app/web.bicep index 0e52cd388..99bfd0a3f 100644 --- a/infra/app/web.bicep +++ b/infra/app/web.bicep @@ -8,48 +8,16 @@ param applicationInsightsName string = '' param runtimeName string = 'python' param runtimeVersion string = '' param keyVaultName string = '' -param azureOpenAIName string = '' -param azureAISearchName string = '' -param storageAccountName string = '' -param formRecognizerName string = '' -param contentSafetyName string = '' -param speechServiceName string = '' -param computerVisionName string = '' @secure() param appSettings object = {} -param useKeyVault bool -param openAIKeyName string = '' -param storageAccountKeyName string = '' -param formRecognizerKeyName string = '' -param searchKeyName string = '' -param computerVisionKeyName string = '' -param contentSafetyKeyName string = '' -param speechKeyName string = '' -param authType string + param dockerFullImageName string = '' param useDocker bool = dockerFullImageName != '' param healthCheckPath string = '' // Database parameters param databaseType string = 'CosmosDB' // 'CosmosDB' or 'PostgreSQL' -param cosmosDBKeyName string = '' -// Database-specific settings -var databaseSettings = databaseType == 'CosmosDB' - ? { - AZURE_COSMOSDB_ACCOUNT_KEY: (useKeyVault || cosmosDBKeyName == '') - ? cosmosDBKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.DocumentDB/databaseAccounts', - cosmosDBKeyName - ), - '2022-08-15' - ).primaryMasterKey - } - : {} module web '../core/host/appservice.bicep' = { name: '${name}-app-module' @@ -61,104 +29,19 @@ module web '../core/host/appservice.bicep' = { appCommandLine: useDocker ? '' : appCommandLine applicationInsightsName: applicationInsightsName appServicePlanId: appServicePlanId - appSettings: union( - appSettings, - union(databaseSettings, { - AZURE_AUTH_TYPE: authType - USE_KEY_VAULT: useKeyVault ? useKeyVault : '' - AZURE_OPENAI_API_KEY: useKeyVault - ? openAIKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - azureOpenAIName - ), - '2023-05-01' - ).key1 - AZURE_SEARCH_KEY: useKeyVault - ? searchKeyName - : (azureAISearchName != '' - ? listAdminKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.Search/searchServices', - azureAISearchName - ), - '2021-04-01-preview' - ).primaryKey - : '') - AZURE_BLOB_ACCOUNT_KEY: useKeyVault - ? storageAccountKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.Storage/storageAccounts', - storageAccountName - ), - '2021-09-01' - ).keys[0].value - AZURE_FORM_RECOGNIZER_KEY: useKeyVault - ? formRecognizerKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - formRecognizerName - ), - '2023-05-01' - ).key1 - AZURE_CONTENT_SAFETY_KEY: useKeyVault - ? contentSafetyKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - contentSafetyName - ), - '2023-05-01' - ).key1 - AZURE_SPEECH_SERVICE_KEY: useKeyVault - ? speechKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - speechServiceName - ), - '2023-05-01' - ).key1 - AZURE_COMPUTER_VISION_KEY: (useKeyVault || computerVisionName == '') - ? computerVisionKeyName - : listKeys( - resourceId( - subscription().subscriptionId, - resourceGroup().name, - 'Microsoft.CognitiveServices/accounts', - computerVisionName - ), - '2023-05-01' - ).key1 - }) - ) - keyVaultName: keyVaultName + appSettings: appSettings runtimeName: runtimeName runtimeVersion: runtimeVersion dockerFullImageName: dockerFullImageName scmDoBuildDuringDeployment: useDocker ? false : true healthCheckPath: healthCheckPath - managedIdentity: databaseType == 'PostgreSQL' || !empty(keyVaultName) + keyVaultName: keyVaultName + managedIdentity: !empty(keyVaultName) } } // Storage Blob Data Contributor -module storageBlobRoleWeb '../core/security/role.bicep' = if (authType == 'rbac') { +module storageBlobRoleWeb '../core/security/role.bicep' = { name: 'storage-blob-role-web' params: { principalId: web.outputs.identityPrincipalId @@ -168,7 +51,7 @@ module storageBlobRoleWeb '../core/security/role.bicep' = if (authType == 'rbac' } // Cognitive Services User -module openAIRoleWeb '../core/security/role.bicep' = if (authType == 'rbac') { +module openAIRoleWeb '../core/security/role.bicep' = { name: 'openai-role-web' params: { principalId: web.outputs.identityPrincipalId @@ -178,7 +61,7 @@ module openAIRoleWeb '../core/security/role.bicep' = if (authType == 'rbac') { } // Contributor -module openAIRoleWebContributor '../core/security/role.bicep' = if (authType == 'rbac') { +module openAIRoleWebContributor '../core/security/role.bicep' = { name: 'openai-role-web-contributor' params: { principalId: web.outputs.identityPrincipalId @@ -188,7 +71,7 @@ module openAIRoleWebContributor '../core/security/role.bicep' = if (authType == } // Search Index Data Contributor -module searchRoleWeb '../core/security/role.bicep' = if (authType == 'rbac') { +module searchRoleWeb '../core/security/role.bicep' = { name: 'search-role-web' params: { principalId: web.outputs.identityPrincipalId @@ -197,7 +80,7 @@ module searchRoleWeb '../core/security/role.bicep' = if (authType == 'rbac') { } } -module webaccess '../core/security/keyvault-access.bicep' = if (useKeyVault) { +module webaccess '../core/security/keyvault-access.bicep' = { name: 'web-keyvault-access' params: { keyVaultName: keyVaultName diff --git a/infra/core/database/deploy_create_table_script.bicep b/infra/core/database/deploy_create_table_script.bicep index 9ca5ed0a1..844bb9a0a 100644 --- a/infra/core/database/deploy_create_table_script.bicep +++ b/infra/core/database/deploy_create_table_script.bicep @@ -2,7 +2,6 @@ param solutionLocation string param baseUrl string -param keyVaultName string param identity string param postgresSqlServerName string param webAppPrincipalName string @@ -23,7 +22,7 @@ resource create_index 'Microsoft.Resources/deploymentScripts@2020-10-01' = { properties: { azCliVersion: '2.52.0' primaryScriptUri: '${baseUrl}scripts/run_create_table_script.sh' - arguments: '${baseUrl} ${keyVaultName} ${resourceGroup().name} ${postgresSqlServerName} ${webAppPrincipalName} ${adminAppPrincipalName} ${functionAppPrincipalName} ${managedIdentityName}' // Specify any arguments for the script + arguments: '${baseUrl} ${resourceGroup().name} ${postgresSqlServerName} ${webAppPrincipalName} ${adminAppPrincipalName} ${functionAppPrincipalName} ${managedIdentityName}' // Specify any arguments for the script timeout: 'PT1H' // Specify the desired timeout duration retentionInterval: 'PT1H' // Specify the desired retention interval cleanupPreference:'OnSuccess' diff --git a/infra/core/host/appservice.bicep b/infra/core/host/appservice.bicep index 4d2dca50d..978a72d35 100644 --- a/infra/core/host/appservice.bicep +++ b/infra/core/host/appservice.bicep @@ -7,7 +7,7 @@ param tags object = {} param applicationInsightsName string = '' param appServicePlanId string param keyVaultName string = '' -param managedIdentity bool = !empty(keyVaultName) +param managedIdentity bool = true // Runtime Properties @allowed([ @@ -108,7 +108,9 @@ module configAppSettings 'appservice-appsettings.bicep' = { !empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {}, - !empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {} + !empty(keyVaultName) + ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } + : {} ) } } diff --git a/infra/core/host/functions.bicep b/infra/core/host/functions.bicep index 92194941f..95e99804c 100644 --- a/infra/core/host/functions.bicep +++ b/infra/core/host/functions.bicep @@ -7,9 +7,8 @@ param tags object = {} param applicationInsightsName string = '' param appServicePlanId string param keyVaultName string = '' -param managedIdentity bool = !empty(keyVaultName) +param managedIdentity bool = true param storageAccountName string -param useKeyVault bool // Runtime Properties @allowed([ @@ -71,11 +70,7 @@ module functions 'appservice.bicep' = { FUNCTIONS_EXTENSION_VERSION: extensionVersion }, !useDocker ? { FUNCTIONS_WORKER_RUNTIME: runtimeName } : {}, - useKeyVault - ? { - AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}' - } - : { AzureWebJobsStorage__accountName: storage.name } + { AzureWebJobsStorage__accountName: storage.name } ) clientAffinityEnabled: clientAffinityEnabled enableOryxBuild: enableOryxBuild @@ -111,6 +106,4 @@ resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = { output identityPrincipalId string = managedIdentity ? functions.outputs.identityPrincipalId : '' output name string = functions.outputs.name output uri string = functions.outputs.uri -output azureWebJobsStorage string = useKeyVault - ? 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}' - : storage.name +output azureWebJobsStorage string = storage.name diff --git a/infra/core/storage/storage-account.bicep b/infra/core/storage/storage-account.bicep index 5e7a9e60e..4ba0dfbe1 100644 --- a/infra/core/storage/storage-account.bicep +++ b/infra/core/storage/storage-account.bicep @@ -11,8 +11,6 @@ param tags object = {} param accessTier string = 'Hot' param allowBlobPublicAccess bool = false param allowCrossTenantReplication bool = true -param useKeyVault bool -param allowSharedKeyAccess bool = useKeyVault param containers array = [] param defaultToOAuthAuthentication bool = false param deleteRetentionPolicy object = {} @@ -40,7 +38,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = { accessTier: accessTier allowBlobPublicAccess: allowBlobPublicAccess allowCrossTenantReplication: allowCrossTenantReplication - allowSharedKeyAccess: allowSharedKeyAccess + allowSharedKeyAccess: false defaultToOAuthAuthentication: defaultToOAuthAuthentication dnsEndpointType: dnsEndpointType minimumTlsVersion: minimumTlsVersion diff --git a/infra/main.bicep b/infra/main.bicep index ace215cbb..d84ca5751 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -297,16 +297,6 @@ param logAnalyticsName string = 'log-${resourceToken}' param newGuidString string = newGuid() param searchTag string = 'chatwithyourdata-sa' -@description('Whether the Azure services communicate with each other using RBAC or keys. RBAC is recommended, however some users may not have sufficient permissions to assign roles.') -@allowed([ - 'rbac' - 'keys' -]) -param authType string = 'rbac' - -@description('Whether to use Key Vault to store secrets (best when using keys). If using RBAC, then please set this to false.') -param useKeyVault bool = authType == 'rbac' ? false : true - @description('Id of the user or app to assign application roles') param principalId string = '' @@ -328,9 +318,6 @@ param recognizedLanguages string = 'en-US,fr-FR,de-DE,it-IT' @description('Azure Machine Learning Name') param azureMachineLearningName string = 'mlw-${resourceToken}' -@description('Resource ID of existing Log Analytics workspace. If not provided, a new one will be created.') -param existingLogAnalyticsResourceId string = '' - var blobContainerName = 'documents' var queueName = 'doc-processing' var clientKey = '${uniqueString(guid(subscription().id, deployment().name))}${newGuidString}' @@ -400,7 +387,7 @@ module postgresDBModule './core/database/postgresdb.bicep' = if (databaseType == } // Store secrets in a keyvault -module keyvault './core/security/keyvault.bicep' = if (useKeyVault || authType == 'rbac') { +module keyvault './core/security/keyvault.bicep' = { name: 'keyvault' scope: rg params: { @@ -471,7 +458,7 @@ module openai 'core/ai/cognitiveservices.bicep' = { sku: { name: azureOpenAISkuName } - managedIdentity: authType == 'rbac' + managedIdentity: true deployments: openAiDeployments } } @@ -491,7 +478,7 @@ module computerVision 'core/ai/cognitiveservices.bicep' = if (useAdvancedImagePr } // Search Index Data Reader -module searchIndexRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac') { +module searchIndexRoleOpenai 'core/security/role.bicep' = { scope: rg name: 'search-index-role-openai' params: { @@ -502,7 +489,7 @@ module searchIndexRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac' } // Search Service Contributor -module searchServiceRoleOpenai 'core/security/role.bicep' = if (authType == 'rbac') { +module searchServiceRoleOpenai 'core/security/role.bicep' = { scope: rg name: 'search-service-role-openai' params: { @@ -513,7 +500,7 @@ module searchServiceRoleOpenai 'core/security/role.bicep' = if (authType == 'rba } // Storage Blob Data Reader -module blobDataReaderRoleSearch 'core/security/role.bicep' = if (authType == 'rbac' && databaseType == 'CosmosDB') { +module blobDataReaderRoleSearch 'core/security/role.bicep' = if (databaseType == 'CosmosDB') { scope: rg name: 'blob-data-reader-role-search' params: { @@ -524,7 +511,7 @@ module blobDataReaderRoleSearch 'core/security/role.bicep' = if (authType == 'rb } // Cognitive Services OpenAI User -module openAiRoleSearchService 'core/security/role.bicep' = if (authType == 'rbac' && databaseType == 'CosmosDB') { +module openAiRoleSearchService 'core/security/role.bicep' = if (databaseType == 'CosmosDB') { scope: rg name: 'openai-role-searchservice' params: { @@ -547,28 +534,16 @@ module speechService 'core/ai/cognitiveservices.bicep' = { } } -module storekeys './app/storekeys.bicep' = if (useKeyVault) { +module storekeys './app/storekeys.bicep' = { name: 'storekeys' scope: rg params: { keyVaultName: keyVaultName - azureOpenAIName: openai.outputs.name - azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' - storageAccountName: storage.outputs.name - formRecognizerName: formrecognizer.outputs.name - contentSafetyName: contentsafety.outputs.name - speechServiceName: speechServiceName - computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' - cosmosAccountName: databaseType == 'CosmosDB' ? cosmosDBModule.outputs.cosmosOutput.cosmosAccountName : '' - postgresServerName: databaseType == 'PostgreSQL' - ? postgresDBModule.outputs.postgresDbOutput.postgreSQLServerName - : '' - postgresDatabaseName: databaseType == 'PostgreSQL' ? 'postgres' : '' - postgresDatabaseAdminUserName: databaseType == 'PostgreSQL' - ? postgresDBModule.outputs.postgresDbOutput.postgreSQLDbUser - : '' - rgName: rgName + clientkey: clientKey } + dependsOn: [ + keyvault + ] } module search './core/search/search-services.bicep' = if (databaseType == 'CosmosDB') { @@ -619,32 +594,10 @@ module web './app/web.bicep' = if (hostingModel == 'code') { appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName healthCheckPath: '/api/health' - azureOpenAIName: openai.outputs.name - azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' - storageAccountName: storage.outputs.name - formRecognizerName: formrecognizer.outputs.name - contentSafetyName: contentsafety.outputs.name - speechServiceName: speechService.outputs.name - computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' // New database-related parameters databaseType: databaseType // Add this parameter to specify 'PostgreSQL' or 'CosmosDB' - - // Conditional key vault key names - openAIKeyName: useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' - storageAccountKeyName: useKeyVault ? storekeys.outputs.STORAGE_ACCOUNT_KEY_NAME : '' - formRecognizerKeyName: useKeyVault ? storekeys.outputs.FORM_RECOGNIZER_KEY_NAME : '' - searchKeyName: useKeyVault && databaseType == 'CosmosDB' ? storekeys.outputs.SEARCH_KEY_NAME : '' - contentSafetyKeyName: useKeyVault ? storekeys.outputs.CONTENT_SAFETY_KEY_NAME : '' - speechKeyName: useKeyVault ? storekeys.outputs.SPEECH_KEY_NAME : '' - computerVisionKeyName: useKeyVault ? storekeys.outputs.COMPUTER_VISION_KEY_NAME : '' - - // Conditionally set database key names - cosmosDBKeyName: databaseType == 'CosmosDB' && useKeyVault ? storekeys.outputs.COSMOS_ACCOUNT_KEY_NAME : '' - useKeyVault: useKeyVault - keyVaultName: useKeyVault || authType == 'rbac' ? keyvault.outputs.name : '' - authType: authType - + keyVaultName: keyvault.outputs.name appSettings: union( { AZURE_BLOB_ACCOUNT_NAME: storageAccountName @@ -733,32 +686,10 @@ module web_docker './app/web.bicep' = if (hostingModel == 'container') { appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName healthCheckPath: '/api/health' - azureOpenAIName: openai.outputs.name - azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' - storageAccountName: storage.outputs.name - formRecognizerName: formrecognizer.outputs.name - contentSafetyName: contentsafety.outputs.name - speechServiceName: speechService.outputs.name - computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' // New database-related parameters databaseType: databaseType - - // Conditional key vault key names - openAIKeyName: useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' - storageAccountKeyName: useKeyVault ? storekeys.outputs.STORAGE_ACCOUNT_KEY_NAME : '' - formRecognizerKeyName: useKeyVault ? storekeys.outputs.FORM_RECOGNIZER_KEY_NAME : '' - searchKeyName: useKeyVault && databaseType == 'CosmosDB' ? storekeys.outputs.SEARCH_KEY_NAME : '' - computerVisionKeyName: useKeyVault ? storekeys.outputs.COMPUTER_VISION_KEY_NAME : '' - contentSafetyKeyName: useKeyVault ? storekeys.outputs.CONTENT_SAFETY_KEY_NAME : '' - speechKeyName: useKeyVault ? storekeys.outputs.SPEECH_KEY_NAME : '' - - // Conditionally set database key names - cosmosDBKeyName: databaseType == 'CosmosDB' && useKeyVault ? storekeys.outputs.COSMOS_ACCOUNT_KEY_NAME : '' - useKeyVault: useKeyVault - keyVaultName: useKeyVault || authType == 'rbac' ? keyvault.outputs.name : '' - authType: authType - + keyVaultName: keyvault.outputs.name appSettings: union( { AZURE_BLOB_ACCOUNT_NAME: storageAccountName @@ -847,24 +778,7 @@ module adminweb './app/adminweb.bicep' = if (hostingModel == 'code') { runtimeVersion: '3.11' appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName - azureOpenAIName: openai.outputs.name - azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' - storageAccountName: storage.outputs.name - formRecognizerName: formrecognizer.outputs.name - contentSafetyName: contentsafety.outputs.name - speechServiceName: speechService.outputs.name - computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' - openAIKeyName: useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' - storageAccountKeyName: useKeyVault ? storekeys.outputs.STORAGE_ACCOUNT_KEY_NAME : '' - formRecognizerKeyName: useKeyVault ? storekeys.outputs.FORM_RECOGNIZER_KEY_NAME : '' - searchKeyName: useKeyVault && databaseType == 'CosmosDB' ? storekeys.outputs.SEARCH_KEY_NAME : '' - computerVisionKeyName: useKeyVault ? storekeys.outputs.COMPUTER_VISION_KEY_NAME : '' - contentSafetyKeyName: useKeyVault ? storekeys.outputs.CONTENT_SAFETY_KEY_NAME : '' - speechKeyName: useKeyVault ? storekeys.outputs.SPEECH_KEY_NAME : '' - useKeyVault: useKeyVault - keyVaultName: useKeyVault || authType == 'rbac' ? keyvault.outputs.name : '' - authType: authType - databaseType: databaseType + keyVaultName: keyvault.outputs.name appSettings: union( { AZURE_BLOB_ACCOUNT_NAME: storageAccountName @@ -892,11 +806,12 @@ module adminweb './app/adminweb.bicep' = if (hostingModel == 'code') { USE_ADVANCED_IMAGE_PROCESSING: useAdvancedImageProcessing BACKEND_URL: 'https://${functionName}.azurewebsites.net' DOCUMENT_PROCESSING_QUEUE_NAME: queueName - FUNCTION_KEY: clientKey + FUNCTION_KEY: storekeys.outputs.FUNCTION_KEY ORCHESTRATION_STRATEGY: orchestrationStrategy CONVERSATION_FLOW: conversationFlow LOGLEVEL: logLevel DATABASE_TYPE: databaseType + USE_KEY_VAULT: 'true' }, // Conditionally add database-specific settings databaseType == 'CosmosDB' @@ -946,24 +861,7 @@ module adminweb_docker './app/adminweb.bicep' = if (hostingModel == 'container') dockerFullImageName: '${registryName}.azurecr.io/rag-adminwebapp:${appversion}' appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName - azureOpenAIName: openai.outputs.name - azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' - storageAccountName: storage.outputs.name - formRecognizerName: formrecognizer.outputs.name - contentSafetyName: contentsafety.outputs.name - speechServiceName: speechService.outputs.name - computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' - openAIKeyName: useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' - storageAccountKeyName: useKeyVault ? storekeys.outputs.STORAGE_ACCOUNT_KEY_NAME : '' - formRecognizerKeyName: useKeyVault ? storekeys.outputs.FORM_RECOGNIZER_KEY_NAME : '' - searchKeyName: useKeyVault && databaseType == 'CosmosDB' ? storekeys.outputs.SEARCH_KEY_NAME : '' - contentSafetyKeyName: useKeyVault ? storekeys.outputs.CONTENT_SAFETY_KEY_NAME : '' - speechKeyName: useKeyVault ? storekeys.outputs.SPEECH_KEY_NAME : '' - computerVisionKeyName: useKeyVault ? storekeys.outputs.COMPUTER_VISION_KEY_NAME : '' - useKeyVault: useKeyVault - keyVaultName: useKeyVault || authType == 'rbac' ? keyvault.outputs.name : '' - authType: authType - databaseType: databaseType + keyVaultName: keyvault.outputs.name appSettings: union( { AZURE_BLOB_ACCOUNT_NAME: storageAccountName @@ -991,11 +889,12 @@ module adminweb_docker './app/adminweb.bicep' = if (hostingModel == 'container') USE_ADVANCED_IMAGE_PROCESSING: useAdvancedImageProcessing BACKEND_URL: 'https://${functionName}-docker.azurewebsites.net' DOCUMENT_PROCESSING_QUEUE_NAME: queueName - FUNCTION_KEY: clientKey + FUNCTION_KEY: storekeys.outputs.FUNCTION_KEY ORCHESTRATION_STRATEGY: orchestrationStrategy CONVERSATION_FLOW: conversationFlow LOGLEVEL: logLevel DATABASE_TYPE: databaseType + USE_KEY_VAULT: 'true' }, // Conditionally add database-specific settings databaseType == 'CosmosDB' @@ -1081,25 +980,9 @@ module function './app/function.bicep' = if (hostingModel == 'code') { runtimeVersion: '3.11' appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName - azureOpenAIName: openai.outputs.name - azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' storageAccountName: storage.outputs.name - formRecognizerName: formrecognizer.outputs.name - contentSafetyName: contentsafety.outputs.name - speechServiceName: speechService.outputs.name - computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' clientKey: clientKey - openAIKeyName: useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' - storageAccountKeyName: useKeyVault ? storekeys.outputs.STORAGE_ACCOUNT_KEY_NAME : '' - formRecognizerKeyName: useKeyVault ? storekeys.outputs.FORM_RECOGNIZER_KEY_NAME : '' - searchKeyName: useKeyVault && databaseType == 'CosmosDB' ? storekeys.outputs.SEARCH_KEY_NAME : '' - contentSafetyKeyName: useKeyVault ? storekeys.outputs.CONTENT_SAFETY_KEY_NAME : '' - speechKeyName: useKeyVault ? storekeys.outputs.SPEECH_KEY_NAME : '' - computerVisionKeyName: useKeyVault ? storekeys.outputs.COMPUTER_VISION_KEY_NAME : '' - useKeyVault: useKeyVault - keyVaultName: useKeyVault || authType == 'rbac' ? keyvault.outputs.name : '' - authType: authType - databaseType: databaseType + keyVaultName: keyvault.outputs.name appSettings: union( { AZURE_BLOB_ACCOUNT_NAME: storageAccountName @@ -1166,25 +1049,9 @@ module function_docker './app/function.bicep' = if (hostingModel == 'container') dockerFullImageName: '${registryName}.azurecr.io/rag-backend:${appversion}' appServicePlanId: hostingplan.outputs.name applicationInsightsName: monitoring.outputs.applicationInsightsName - azureOpenAIName: openai.outputs.name - azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' storageAccountName: storage.outputs.name - formRecognizerName: formrecognizer.outputs.name - contentSafetyName: contentsafety.outputs.name - speechServiceName: speechService.outputs.name - computerVisionName: useAdvancedImageProcessing ? computerVision.outputs.name : '' clientKey: clientKey - openAIKeyName: useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' - storageAccountKeyName: useKeyVault ? storekeys.outputs.STORAGE_ACCOUNT_KEY_NAME : '' - formRecognizerKeyName: useKeyVault ? storekeys.outputs.FORM_RECOGNIZER_KEY_NAME : '' - searchKeyName: useKeyVault && databaseType == 'CosmosDB' ? storekeys.outputs.SEARCH_KEY_NAME : '' - contentSafetyKeyName: useKeyVault ? storekeys.outputs.CONTENT_SAFETY_KEY_NAME : '' - speechKeyName: useKeyVault ? storekeys.outputs.SPEECH_KEY_NAME : '' - computerVisionKeyName: useKeyVault ? storekeys.outputs.COMPUTER_VISION_KEY_NAME : '' - useKeyVault: useKeyVault - keyVaultName: useKeyVault || authType == 'rbac' ? keyvault.outputs.name : '' - authType: authType - databaseType: databaseType + keyVaultName: keyvault.outputs.name appSettings: union( { AZURE_BLOB_ACCOUNT_NAME: storageAccountName @@ -1281,7 +1148,6 @@ module storage 'core/storage/storage-account.bicep' = { params: { name: storageAccountName location: location - useKeyVault: useKeyVault sku: { name: 'Standard_GRS' } @@ -1314,7 +1180,7 @@ module storage 'core/storage/storage-account.bicep' = { // USER ROLES // Storage Blob Data Contributor -module storageRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') { +module storageRoleUser 'core/security/role.bicep' = if (principalId != '') { scope: rg name: 'storage-role-user' params: { @@ -1325,7 +1191,7 @@ module storageRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && pr } // Cognitive Services User -module openaiRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') { +module openaiRoleUser 'core/security/role.bicep' = if (principalId != '') { scope: rg name: 'openai-role-user' params: { @@ -1336,7 +1202,7 @@ module openaiRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && pri } // Contributor -module openaiRoleUserContributor 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '') { +module openaiRoleUserContributor 'core/security/role.bicep' = if (principalId != '') { scope: rg name: 'openai-role-user-contributor' params: { @@ -1347,7 +1213,7 @@ module openaiRoleUserContributor 'core/security/role.bicep' = if (authType == 'r } // Search Index Data Contributor -module searchRoleUser 'core/security/role.bicep' = if (authType == 'rbac' && principalId != '' && databaseType == 'CosmosDB') { +module searchRoleUser 'core/security/role.bicep' = if (principalId != '' && databaseType == 'CosmosDB') { scope: rg name: 'search-role-user' params: { @@ -1364,7 +1230,6 @@ module machineLearning 'app/machinelearning.bicep' = if (orchestrationStrategy = location: location workspaceName: azureMachineLearningName storageAccountId: storage.outputs.id - keyVaultId: useKeyVault ? keyvault.outputs.id : '' applicationInsightsId: monitoring.outputs.applicationInsightsId azureOpenAIName: openai.outputs.name azureAISearchName: databaseType == 'CosmosDB' ? search.outputs.name : '' @@ -1379,7 +1244,6 @@ module createIndex './core/database/deploy_create_table_script.bicep' = if (data solutionLocation: location identity: managedIdentityModule.outputs.managedIdentityOutput.id baseUrl: baseUrl - keyVaultName: keyvault.outputs.name postgresSqlServerName: postgresDBModule.outputs.postgresDbOutput.postgreSQLServerName webAppPrincipalName: hostingModel == 'code' ? web.outputs.FRONTEND_API_NAME : web_docker.outputs.FRONTEND_API_NAME adminAppPrincipalName: hostingModel == 'code' @@ -1392,9 +1256,9 @@ module createIndex './core/database/deploy_create_table_script.bicep' = if (data } scope: rg dependsOn: hostingModel == 'code' - ? [keyvault, postgresDBModule, storekeys, web, adminweb] + ? [postgresDBModule, web, adminweb, function] : [ - [keyvault, postgresDBModule, storekeys, web_docker, adminweb_docker] + [postgresDBModule, web_docker, adminweb_docker, function_docker] ] } @@ -1412,7 +1276,6 @@ var azureOpenAIEmbeddingModelInfo = string({ var azureCosmosDBInfo = string({ account_name: databaseType == 'CosmosDB' ? cosmosDBModule.outputs.cosmosOutput.cosmosAccountName : '' - account_key: databaseType == 'CosmosDB' && useKeyVault ? storekeys.outputs.COSMOS_ACCOUNT_KEY_NAME : '' database_name: databaseType == 'CosmosDB' ? cosmosDBModule.outputs.cosmosOutput.cosmosDatabaseName : '' conversations_container_name: databaseType == 'CosmosDB' ? cosmosDBModule.outputs.cosmosOutput.cosmosContainerName @@ -1427,26 +1290,22 @@ var azurePostgresDBInfo = string({ var azureFormRecognizerInfo = string({ endpoint: formrecognizer.outputs.endpoint - key: useKeyVault ? storekeys.outputs.FORM_RECOGNIZER_KEY_NAME : '' }) var azureBlobStorageInfo = string({ container_name: blobContainerName account_name: storageAccountName - account_key: useKeyVault ? storekeys.outputs.STORAGE_ACCOUNT_KEY_NAME : '' }) var azureSpeechServiceInfo = string({ service_name: speechServiceName service_region: location - service_key: useKeyVault ? storekeys.outputs.SPEECH_KEY_NAME : '' recognizer_languages: recognizedLanguages }) var azureSearchServiceInfo = databaseType == 'CosmosDB' ? string({ service_name: azureAISearchName - key: useKeyVault ? storekeys.outputs.SEARCH_KEY_NAME : '' service: search.outputs.endpoint use_semantic_search: azureSearchUseSemanticSearch semantic_search_config: azureSearchSemanticSearchConfig @@ -1474,7 +1333,6 @@ var azureComputerVisionInfo = string({ service_name: speechServiceName endpoint: useAdvancedImageProcessing ? computerVision.outputs.endpoint : '' location: useAdvancedImageProcessing ? computerVision.outputs.location : '' - key: useKeyVault ? storekeys.outputs.COMPUTER_VISION_KEY_NAME : '' vectorize_image_api_version: computerVisionVectorizeImageApiVersion vectorize_image_model_version: computerVisionVectorizeImageModelVersion }) @@ -1489,17 +1347,10 @@ var azureOpenaiConfigurationInfo = string({ temperature: azureOpenAITemperature api_version: azureOpenAIApiVersion resource: azureOpenAIResourceName - api_key: useKeyVault ? storekeys.outputs.OPENAI_KEY_NAME : '' -}) - -var azureKeyvaultInfo = string({ - endpoint: useKeyVault ? keyvault.outputs.endpoint : '' - name: useKeyVault || authType == 'rbac' ? keyvault.outputs.name : '' }) var azureContentSafetyInfo = string({ endpoint: contentsafety.outputs.endpoint - key: useKeyVault ? storekeys.outputs.CONTENT_SAFETY_KEY_NAME : '' }) var backendUrl = 'https://${functionName}.azurewebsites.net' @@ -1510,7 +1361,6 @@ output AZURE_BLOB_STORAGE_INFO string = azureBlobStorageInfo output AZURE_COMPUTER_VISION_INFO string = azureComputerVisionInfo output AZURE_CONTENT_SAFETY_INFO string = azureContentSafetyInfo output AZURE_FORM_RECOGNIZER_INFO string = azureFormRecognizerInfo -output AZURE_KEY_VAULT_INFO string = azureKeyvaultInfo output AZURE_LOCATION string = location output AZURE_OPENAI_MODEL_INFO string = azureOpenAIModelInfo output AZURE_OPENAI_CONFIGURATION_INFO string = azureOpenaiConfigurationInfo @@ -1521,11 +1371,8 @@ output AZURE_SPEECH_SERVICE_INFO string = azureSpeechServiceInfo output AZURE_TENANT_ID string = tenant().tenantId output DOCUMENT_PROCESSING_QUEUE_NAME string = queueName output ORCHESTRATION_STRATEGY string = orchestrationStrategy -output USE_KEY_VAULT bool = useKeyVault -output AZURE_AUTH_TYPE string = authType output BACKEND_URL string = backendUrl output AzureWebJobsStorage string = function.outputs.AzureWebJobsStorage -output FUNCTION_KEY string = clientKey output FRONTEND_WEBSITE_NAME string = hostingModel == 'code' ? web.outputs.FRONTEND_API_URI : web_docker.outputs.FRONTEND_API_URI diff --git a/infra/main.bicepparam b/infra/main.bicepparam index 50add98f3..7f47ca42e 100644 --- a/infra/main.bicepparam +++ b/infra/main.bicepparam @@ -4,11 +4,6 @@ param environmentName = readEnvironmentVariable('AZURE_ENV_NAME', 'env_name') param location = readEnvironmentVariable('AZURE_LOCATION', 'location') param principalId = readEnvironmentVariable('AZURE_PRINCIPAL_ID', 'principal_id') - -// Please make sure to set this value to false when using rbac with AZURE_AUTH_TYPE -param useKeyVault = bool(readEnvironmentVariable('USE_KEY_VAULT', 'true')) -param authType = readEnvironmentVariable('AZURE_AUTH_TYPE', 'keys') - // Deploying using json will set this to "container". param hostingModel = readEnvironmentVariable('AZURE_APP_SERVICE_HOSTING_MODEL', 'code') diff --git a/infra/main.json b/infra/main.json index c0d2ea8f8..c034f430f 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "9016078693098336838" + "templateHash": "15961130919109930926" } }, "parameters": { @@ -607,24 +607,6 @@ "type": "string", "defaultValue": "chatwithyourdata-sa" }, - "authType": { - "type": "string", - "defaultValue": "rbac", - "allowedValues": [ - "rbac", - "keys" - ], - "metadata": { - "description": "Whether the Azure services communicate with each other using RBAC or keys. RBAC is recommended, however some users may not have sufficient permissions to assign roles." - } - }, - "useKeyVault": { - "type": "bool", - "defaultValue": "[if(equals(parameters('authType'), 'rbac'), false(), true())]", - "metadata": { - "description": "Whether to use Key Vault to store secrets (best when using keys). If using RBAC, then please set this to false." - } - }, "principalId": { "type": "string", "defaultValue": "", @@ -663,13 +645,6 @@ "metadata": { "description": "Azure Machine Learning Name" } - }, - "existingLogAnalyticsResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Resource ID of existing Log Analytics workspace. If not provided, a new one will be created." - } } }, "variables": { @@ -943,6 +918,9 @@ "openAiDeployments": "[concat(variables('defaultOpenAiDeployments'), if(parameters('useAdvancedImageProcessing'), createArray(createObject('name', parameters('azureOpenAIVisionModel'), 'model', createObject('format', 'OpenAI', 'name', parameters('azureOpenAIVisionModelName'), 'version', parameters('azureOpenAIVisionModelVersion')), 'sku', createObject('name', 'Standard', 'capacity', parameters('azureOpenAIVisionModelCapacity')))), createArray()))]", "azureOpenAIModelInfo": "[string(createObject('model', parameters('azureOpenAIModel'), 'model_name', parameters('azureOpenAIModelName'), 'model_version', parameters('azureOpenAIModelVersion')))]", "azureOpenAIEmbeddingModelInfo": "[string(createObject('model', parameters('azureOpenAIEmbeddingModel'), 'model_name', parameters('azureOpenAIEmbeddingModelName'), 'model_version', parameters('azureOpenAIEmbeddingModelVersion')))]", + "azureBlobStorageInfo": "[string(createObject('container_name', variables('blobContainerName'), 'account_name', parameters('storageAccountName')))]", + "azureSpeechServiceInfo": "[string(createObject('service_name', parameters('speechServiceName'), 'service_region', parameters('location'), 'recognizer_languages', parameters('recognizedLanguages')))]", + "azureOpenaiConfigurationInfo": "[string(createObject('service_name', parameters('speechServiceName'), 'stream', parameters('azureOpenAIStream'), 'system_message', parameters('azureOpenAISystemMessage'), 'stop_sequence', parameters('azureOpenAIStopSequence'), 'max_tokens', parameters('azureOpenAIMaxTokens'), 'top_p', parameters('azureOpenAITopP'), 'temperature', parameters('azureOpenAITemperature'), 'api_version', parameters('azureOpenAIApiVersion'), 'resource', parameters('azureOpenAIResourceName')))]", "backendUrl": "[format('https://{0}.azurewebsites.net', parameters('functionName'))]" }, "resources": [ @@ -1444,7 +1422,6 @@ ] }, { - "condition": "[or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "keyvault", @@ -1565,7 +1542,7 @@ } }, "managedIdentity": { - "value": "[equals(parameters('authType'), 'rbac')]" + "value": true }, "deployments": { "value": "[variables('openAiDeployments')]" @@ -1862,7 +1839,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-index-role-openai", @@ -1933,7 +1909,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-service-role-openai", @@ -2004,7 +1979,7 @@ ] }, { - "condition": "[and(equals(parameters('authType'), 'rbac'), equals(parameters('databaseType'), 'CosmosDB'))]", + "condition": "[equals(parameters('databaseType'), 'CosmosDB')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "blob-data-reader-role-search", @@ -2075,7 +2050,7 @@ ] }, { - "condition": "[and(equals(parameters('authType'), 'rbac'), equals(parameters('databaseType'), 'CosmosDB'))]", + "condition": "[equals(parameters('databaseType'), 'CosmosDB')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-searchservice", @@ -2303,7 +2278,6 @@ ] }, { - "condition": "[parameters('useKeyVault')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storekeys", @@ -2317,29 +2291,8 @@ "keyVaultName": { "value": "[variables('keyVaultName')]" }, - "azureOpenAIName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" - }, - "azureAISearchName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "storageAccountName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" - }, - "formRecognizerName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" - }, - "contentSafetyName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" - }, - "speechServiceName": { - "value": "[parameters('speechServiceName')]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "cosmosAccountName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName), createObject('value', ''))]", - "postgresServerName": "[if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName), createObject('value', ''))]", - "postgresDatabaseName": "[if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('value', 'postgres'), createObject('value', ''))]", - "postgresDatabaseAdminUserName": "[if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDbUser), createObject('value', ''))]", - "rgName": { - "value": "[parameters('rgName')]" + "clientkey": { + "value": "[variables('clientKey')]" } }, "template": { @@ -2349,227 +2302,38 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "16435352906283381381" + "templateHash": "15387352767143583863" } }, "parameters": { "keyVaultName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountName": { - "type": "string", - "defaultValue": "" - }, - "azureOpenAIName": { - "type": "string", - "defaultValue": "" - }, - "azureAISearchName": { - "type": "string", - "defaultValue": "" - }, - "rgName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyName": { - "type": "string", - "defaultValue": "" - }, - "speechServiceName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionName": { - "type": "string", - "defaultValue": "" - }, - "postgresServerName": { - "type": "string", - "defaultValue": "" - }, - "postgresDatabaseName": { - "type": "string", - "defaultValue": "postgres" - }, - "postgresInfoName": { - "type": "string", - "defaultValue": "AZURE-POSTGRESQL-INFO" - }, - "postgresDatabaseAdminUserName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountKeyName": { - "type": "string", - "defaultValue": "AZURE-STORAGE-ACCOUNT-KEY" - }, - "openAIKeyName": { - "type": "string", - "defaultValue": "AZURE-OPENAI-API-KEY" - }, - "searchKeyName": { - "type": "string", - "defaultValue": "AZURE-SEARCH-KEY" - }, - "formRecognizerKeyName": { - "type": "string", - "defaultValue": "AZURE-FORM-RECOGNIZER-KEY" - }, - "contentSafetyKeyName": { - "type": "string", - "defaultValue": "AZURE-CONTENT-SAFETY-KEY" - }, - "speechKeyName": { - "type": "string", - "defaultValue": "AZURE-SPEECH-KEY" - }, - "computerVisionKeyName": { - "type": "string", - "defaultValue": "AZURE-COMPUTER-VISION-KEY" - }, - "cosmosAccountKeyName": { - "type": "string", - "defaultValue": "AZURE-COSMOSDB-ACCOUNT-KEY" + "type": "string" }, - "cosmosAccountName": { - "type": "string", - "defaultValue": "" + "clientkey": { + "type": "string" } }, "resources": [ { "type": "Microsoft.KeyVault/vaults/secrets", "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('storageAccountKeyName'))]", - "properties": { - "value": "[listKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('openAIKeyName'))]", - "properties": { - "value": "[listKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1]" - } - }, - { - "condition": "[not(equals(parameters('azureAISearchName'), ''))]", - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('searchKeyName'))]", + "name": "[format('{0}/{1}', parameters('keyVaultName'), 'FUNCTION-KEY')]", "properties": { - "value": "[listAdminKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('formRecognizerKeyName'))]", - "properties": { - "value": "[listKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('contentSafetyKeyName'))]", - "properties": { - "value": "[listKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1]" - } - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('speechKeyName'))]", - "properties": { - "value": "[listKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1]" - } - }, - { - "condition": "[not(equals(parameters('computerVisionName'), ''))]", - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('computerVisionKeyName'))]", - "properties": { - "value": "[if(not(equals(parameters('computerVisionName'), '')), listKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1, '')]" - } - }, - { - "condition": "[not(equals(parameters('postgresServerName'), ''))]", - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('postgresInfoName'))]", - "properties": { - "value": "[if(not(equals(parameters('postgresServerName'), '')), string(createObject('user', parameters('postgresDatabaseAdminUserName'), 'dbname', parameters('postgresDatabaseName'), 'host', parameters('postgresServerName'))), '')]" - } - }, - { - "condition": "[not(equals(parameters('cosmosAccountName'), ''))]", - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('cosmosAccountKeyName'))]", - "properties": { - "value": "[if(not(equals(parameters('cosmosAccountName'), '')), listKeys(resourceId(subscription().subscriptionId, parameters('rgName'), 'Microsoft.DocumentDB/databaseAccounts', parameters('cosmosAccountName')), '2022-08-15').primaryMasterKey, '')]" + "value": "[parameters('clientkey')]" } } ], "outputs": { - "CONTENT_SAFETY_KEY_NAME": { - "type": "string", - "value": "[parameters('contentSafetyKeyName')]" - }, - "FORM_RECOGNIZER_KEY_NAME": { - "type": "string", - "value": "[parameters('formRecognizerKeyName')]" - }, - "SEARCH_KEY_NAME": { - "type": "string", - "value": "[if(not(equals(parameters('azureAISearchName'), '')), parameters('searchKeyName'), '')]" - }, - "OPENAI_KEY_NAME": { - "type": "string", - "value": "[parameters('openAIKeyName')]" - }, - "STORAGE_ACCOUNT_KEY_NAME": { - "type": "string", - "value": "[parameters('storageAccountKeyName')]" - }, - "SPEECH_KEY_NAME": { - "type": "string", - "value": "[parameters('speechKeyName')]" - }, - "COMPUTER_VISION_KEY_NAME": { - "type": "string", - "value": "[if(not(equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), '')]" - }, - "COSMOS_ACCOUNT_KEY_NAME": { + "FUNCTION_KEY": { "type": "string", - "value": "[if(not(equals(parameters('cosmosAccountName'), '')), parameters('cosmosAccountKeyName'), '')]" - }, - "POSTGRESQL_INFO_NAME": { - "type": "string", - "value": "[if(not(equals(parameters('postgresServerName'), '')), parameters('postgresInfoName'), '')]" + "value": "FUNCTION-KEY" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]" ] }, { @@ -2879,40 +2643,11 @@ "healthCheckPath": { "value": "/api/health" }, - "azureOpenAIName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" - }, - "azureAISearchName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "storageAccountName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" - }, - "formRecognizerName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" - }, - "contentSafetyName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" - }, - "speechServiceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "databaseType": { "value": "[parameters('databaseType')]" }, - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(and(parameters('useKeyVault'), equals(parameters('databaseType'), 'CosmosDB')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "cosmosDBKeyName": "[if(and(equals(parameters('databaseType'), 'CosmosDB'), parameters('useKeyVault')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COSMOS_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "authType": { - "value": "[parameters('authType')]" + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" }, "appSettings": { "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_TEMPERATURE', parameters('azureOpenAITemperature'), 'AZURE_OPENAI_TOP_P', parameters('azureOpenAITopP'), 'AZURE_OPENAI_MAX_TOKENS', parameters('azureOpenAIMaxTokens'), 'AZURE_OPENAI_STOP_SEQUENCE', parameters('azureOpenAIStopSequence'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'AZURE_OPENAI_STREAM', parameters('azureOpenAIStream'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'AZURE_SPEECH_SERVICE_NAME', parameters('speechServiceName'), 'AZURE_SPEECH_SERVICE_REGION', parameters('location'), 'AZURE_SPEECH_RECOGNIZER_LANGUAGES', parameters('recognizedLanguages'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'ADVANCED_IMAGE_PROCESSING_MAX_IMAGES', parameters('advancedImageProcessingMaxImages'), 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'CONVERSATION_FLOW', parameters('conversationFlow'), 'LOGLEVEL', parameters('logLevel'), 'DATABASE_TYPE', parameters('databaseType'), 'OPEN_AI_FUNCTIONS_SYSTEM_PROMPT', variables('openAIFunctionsSystemPrompt'), 'SEMENTIC_KERNEL_SYSTEM_PROMPT', variables('semanticKernelSystemPrompt')), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_COSMOSDB_ACCOUNT_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'AZURE_COSMOSDB_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'AZURE_COSMOSDB_CONVERSATIONS_CONTAINER_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName, 'AZURE_COSMOSDB_ENABLE_FEEDBACK', true(), 'AZURE_SEARCH_USE_SEMANTIC_SEARCH', parameters('azureSearchUseSemanticSearch'), 'AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_CONVERSATIONS_LOG_INDEX', parameters('azureSearchConversationLogIndex'), 'AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG', parameters('azureSearchSemanticSearchConfig'), 'AZURE_SEARCH_INDEX_IS_PRECHUNKED', parameters('azureSearchIndexIsPrechunked'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK'), 'AZURE_SEARCH_ENABLE_IN_DOMAIN', parameters('azureSearchEnableInDomain'), 'AZURE_SEARCH_FILENAME_COLUMN', parameters('azureSearchFilenameColumn'), 'AZURE_SEARCH_FILTER', parameters('azureSearchFilter'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_URL_COLUMN', parameters('azureSearchUrlColumn'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', parameters('websiteName')), createObject())))]" @@ -2925,7 +2660,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "16642907920540663373" + "templateHash": "18282125486154751807" } }, "parameters": { @@ -2967,72 +2702,10 @@ "type": "string", "defaultValue": "" }, - "azureOpenAIName": { - "type": "string", - "defaultValue": "" - }, - "azureAISearchName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyName": { - "type": "string", - "defaultValue": "" - }, - "speechServiceName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionName": { - "type": "string", - "defaultValue": "" - }, "appSettings": { "type": "secureObject", "defaultValue": {} }, - "useKeyVault": { - "type": "bool" - }, - "openAIKeyName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountKeyName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerKeyName": { - "type": "string", - "defaultValue": "" - }, - "searchKeyName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionKeyName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyKeyName": { - "type": "string", - "defaultValue": "" - }, - "speechKeyName": { - "type": "string", - "defaultValue": "" - }, - "authType": { - "type": "string" - }, "dockerFullImageName": { "type": "string", "defaultValue": "" @@ -3048,10 +2721,6 @@ "databaseType": { "type": "string", "defaultValue": "CosmosDB" - }, - "cosmosDBKeyName": { - "type": "string", - "defaultValue": "" } }, "resources": [ @@ -3085,10 +2754,7 @@ "value": "[parameters('appServicePlanId')]" }, "appSettings": { - "value": "[union(parameters('appSettings'), union(if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_COSMOSDB_ACCOUNT_KEY', if(or(parameters('useKeyVault'), equals(parameters('cosmosDBKeyName'), '')), parameters('cosmosDBKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDBKeyName')), '2022-08-15').primaryMasterKey)), createObject()), createObject('AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), if(not(equals(parameters('azureAISearchName'), '')), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey, '')), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1))))]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" + "value": "[parameters('appSettings')]" }, "runtimeName": { "value": "[parameters('runtimeName')]" @@ -3103,8 +2769,11 @@ "healthCheckPath": { "value": "[parameters('healthCheckPath')]" }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, "managedIdentity": { - "value": "[or(equals(parameters('databaseType'), 'PostgreSQL'), not(empty(parameters('keyVaultName'))))]" + "value": "[not(empty(parameters('keyVaultName')))]" } }, "template": { @@ -3114,7 +2783,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "7056589812564712804" + "templateHash": "17297314312801200043" }, "description": "Creates an Azure App Service in an existing Azure App Service plan." }, @@ -3143,7 +2812,7 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "runtimeName": { "type": "string", @@ -3392,7 +3061,6 @@ } }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-blob-role-web", @@ -3461,7 +3129,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-web", @@ -3530,7 +3197,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-web-contributor", @@ -3599,7 +3265,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-web", @@ -3668,7 +3333,6 @@ ] }, { - "condition": "[parameters('useKeyVault')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "web-keyvault-access", @@ -3826,13 +3490,8 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]" ] }, { @@ -3868,40 +3527,11 @@ "healthCheckPath": { "value": "/api/health" }, - "azureOpenAIName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" - }, - "azureAISearchName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "storageAccountName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" - }, - "formRecognizerName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" - }, - "contentSafetyName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" - }, - "speechServiceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "databaseType": { "value": "[parameters('databaseType')]" }, - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(and(parameters('useKeyVault'), equals(parameters('databaseType'), 'CosmosDB')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "cosmosDBKeyName": "[if(and(equals(parameters('databaseType'), 'CosmosDB'), parameters('useKeyVault')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COSMOS_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "authType": { - "value": "[parameters('authType')]" + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" }, "appSettings": { "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_TEMPERATURE', parameters('azureOpenAITemperature'), 'AZURE_OPENAI_TOP_P', parameters('azureOpenAITopP'), 'AZURE_OPENAI_MAX_TOKENS', parameters('azureOpenAIMaxTokens'), 'AZURE_OPENAI_STOP_SEQUENCE', parameters('azureOpenAIStopSequence'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'AZURE_OPENAI_STREAM', parameters('azureOpenAIStream'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'AZURE_SPEECH_SERVICE_NAME', parameters('speechServiceName'), 'AZURE_SPEECH_SERVICE_REGION', parameters('location'), 'AZURE_SPEECH_RECOGNIZER_LANGUAGES', parameters('recognizedLanguages'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'ADVANCED_IMAGE_PROCESSING_MAX_IMAGES', parameters('advancedImageProcessingMaxImages'), 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'CONVERSATION_FLOW', parameters('conversationFlow'), 'LOGLEVEL', parameters('logLevel'), 'DATABASE_TYPE', parameters('databaseType'), 'OPEN_AI_FUNCTIONS_SYSTEM_PROMPT', variables('openAIFunctionsSystemPrompt'), 'SEMENTIC_KERNEL_SYSTEM_PROMPT', variables('semanticKernelSystemPrompt')), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_COSMOSDB_ACCOUNT_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, 'AZURE_COSMOSDB_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, 'AZURE_COSMOSDB_CONVERSATIONS_CONTAINER_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName, 'AZURE_COSMOSDB_ENABLE_FEEDBACK', true(), 'AZURE_SEARCH_USE_SEMANTIC_SEARCH', parameters('azureSearchUseSemanticSearch'), 'AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_CONVERSATIONS_LOG_INDEX', parameters('azureSearchConversationLogIndex'), 'AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG', parameters('azureSearchSemanticSearchConfig'), 'AZURE_SEARCH_INDEX_IS_PRECHUNKED', parameters('azureSearchIndexIsPrechunked'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK'), 'AZURE_SEARCH_ENABLE_IN_DOMAIN', parameters('azureSearchEnableInDomain'), 'AZURE_SEARCH_FILENAME_COLUMN', parameters('azureSearchFilenameColumn'), 'AZURE_SEARCH_FILTER', parameters('azureSearchFilter'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_URL_COLUMN', parameters('azureSearchUrlColumn'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', format('{0}-docker', parameters('websiteName'))), createObject())))]" @@ -3914,7 +3544,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "16642907920540663373" + "templateHash": "18282125486154751807" } }, "parameters": { @@ -3956,72 +3586,10 @@ "type": "string", "defaultValue": "" }, - "azureOpenAIName": { - "type": "string", - "defaultValue": "" - }, - "azureAISearchName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyName": { - "type": "string", - "defaultValue": "" - }, - "speechServiceName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionName": { - "type": "string", - "defaultValue": "" - }, "appSettings": { "type": "secureObject", "defaultValue": {} }, - "useKeyVault": { - "type": "bool" - }, - "openAIKeyName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountKeyName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerKeyName": { - "type": "string", - "defaultValue": "" - }, - "searchKeyName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionKeyName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyKeyName": { - "type": "string", - "defaultValue": "" - }, - "speechKeyName": { - "type": "string", - "defaultValue": "" - }, - "authType": { - "type": "string" - }, "dockerFullImageName": { "type": "string", "defaultValue": "" @@ -4037,10 +3605,6 @@ "databaseType": { "type": "string", "defaultValue": "CosmosDB" - }, - "cosmosDBKeyName": { - "type": "string", - "defaultValue": "" } }, "resources": [ @@ -4074,10 +3638,7 @@ "value": "[parameters('appServicePlanId')]" }, "appSettings": { - "value": "[union(parameters('appSettings'), union(if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_COSMOSDB_ACCOUNT_KEY', if(or(parameters('useKeyVault'), equals(parameters('cosmosDBKeyName'), '')), parameters('cosmosDBKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.DocumentDB/databaseAccounts', parameters('cosmosDBKeyName')), '2022-08-15').primaryMasterKey)), createObject()), createObject('AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), if(not(equals(parameters('azureAISearchName'), '')), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey, '')), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1))))]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" + "value": "[parameters('appSettings')]" }, "runtimeName": { "value": "[parameters('runtimeName')]" @@ -4092,8 +3653,11 @@ "healthCheckPath": { "value": "[parameters('healthCheckPath')]" }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, "managedIdentity": { - "value": "[or(equals(parameters('databaseType'), 'PostgreSQL'), not(empty(parameters('keyVaultName'))))]" + "value": "[not(empty(parameters('keyVaultName')))]" } }, "template": { @@ -4103,7 +3667,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "7056589812564712804" + "templateHash": "17297314312801200043" }, "description": "Creates an Azure App Service in an existing Azure App Service plan." }, @@ -4132,7 +3696,7 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "runtimeName": { "type": "string", @@ -4381,7 +3945,6 @@ } }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-blob-role-web", @@ -4450,7 +4013,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-web", @@ -4519,7 +4081,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-web-contributor", @@ -4588,7 +4149,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-web", @@ -4657,7 +4217,6 @@ ] }, { - "condition": "[parameters('useKeyVault')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "web-keyvault-access", @@ -4815,13 +4374,8 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" + "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]" ] }, { @@ -4857,42 +4411,11 @@ "applicationInsightsName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, - "azureOpenAIName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" - }, - "azureAISearchName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "storageAccountName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" - }, - "formRecognizerName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" - }, - "contentSafetyName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" - }, - "speechServiceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(and(parameters('useKeyVault'), equals(parameters('databaseType'), 'CosmosDB')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "authType": { - "value": "[parameters('authType')]" - }, - "databaseType": { - "value": "[parameters('databaseType')]" + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" }, "appSettings": { - "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_TEMPERATURE', parameters('azureOpenAITemperature'), 'AZURE_OPENAI_TOP_P', parameters('azureOpenAITopP'), 'AZURE_OPENAI_MAX_TOKENS', parameters('azureOpenAIMaxTokens'), 'AZURE_OPENAI_STOP_SEQUENCE', parameters('azureOpenAIStopSequence'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'AZURE_OPENAI_STREAM', parameters('azureOpenAIStream'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'BACKEND_URL', format('https://{0}.azurewebsites.net', parameters('functionName')), 'DOCUMENT_PROCESSING_QUEUE_NAME', variables('queueName'), 'FUNCTION_KEY', variables('clientKey'), 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'CONVERSATION_FLOW', parameters('conversationFlow'), 'LOGLEVEL', parameters('logLevel'), 'DATABASE_TYPE', parameters('databaseType')), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_USE_SEMANTIC_SEARCH', parameters('azureSearchUseSemanticSearch'), 'AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG', parameters('azureSearchSemanticSearchConfig'), 'AZURE_SEARCH_INDEX_IS_PRECHUNKED', parameters('azureSearchIndexIsPrechunked'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK'), 'AZURE_SEARCH_ENABLE_IN_DOMAIN', parameters('azureSearchEnableInDomain'), 'AZURE_SEARCH_FILENAME_COLUMN', parameters('azureSearchFilenameColumn'), 'AZURE_SEARCH_FILTER', parameters('azureSearchFilter'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_URL_COLUMN', parameters('azureSearchUrlColumn'), 'AZURE_SEARCH_DATASOURCE_NAME', parameters('azureSearchDatasource'), 'AZURE_SEARCH_INDEXER_NAME', parameters('azureSearchIndexer'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', parameters('adminWebsiteName')), createObject())))]" + "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_TEMPERATURE', parameters('azureOpenAITemperature'), 'AZURE_OPENAI_TOP_P', parameters('azureOpenAITopP'), 'AZURE_OPENAI_MAX_TOKENS', parameters('azureOpenAIMaxTokens'), 'AZURE_OPENAI_STOP_SEQUENCE', parameters('azureOpenAIStopSequence'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'AZURE_OPENAI_STREAM', parameters('azureOpenAIStream'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'BACKEND_URL', format('https://{0}.azurewebsites.net', parameters('functionName')), 'DOCUMENT_PROCESSING_QUEUE_NAME', variables('queueName'), 'FUNCTION_KEY', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FUNCTION_KEY.value, 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'CONVERSATION_FLOW', parameters('conversationFlow'), 'LOGLEVEL', parameters('logLevel'), 'DATABASE_TYPE', parameters('databaseType'), 'USE_KEY_VAULT', 'true'), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_USE_SEMANTIC_SEARCH', parameters('azureSearchUseSemanticSearch'), 'AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG', parameters('azureSearchSemanticSearchConfig'), 'AZURE_SEARCH_INDEX_IS_PRECHUNKED', parameters('azureSearchIndexIsPrechunked'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK'), 'AZURE_SEARCH_ENABLE_IN_DOMAIN', parameters('azureSearchEnableInDomain'), 'AZURE_SEARCH_FILENAME_COLUMN', parameters('azureSearchFilenameColumn'), 'AZURE_SEARCH_FILTER', parameters('azureSearchFilter'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_URL_COLUMN', parameters('azureSearchUrlColumn'), 'AZURE_SEARCH_DATASOURCE_NAME', parameters('azureSearchDatasource'), 'AZURE_SEARCH_INDEXER_NAME', parameters('azureSearchIndexer'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', parameters('adminWebsiteName')), createObject())))]" } }, "template": { @@ -4902,7 +4425,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "6540240067745016665" + "templateHash": "1039793222387015566" } }, "parameters": { @@ -4917,18 +4440,6 @@ "type": "object", "defaultValue": {} }, - "storageAccountName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyName": { - "type": "string", - "defaultValue": "" - }, "allowedOrigins": { "type": "array", "defaultValue": [] @@ -4956,60 +4467,10 @@ "type": "string", "defaultValue": "" }, - "azureOpenAIName": { - "type": "string", - "defaultValue": "" - }, - "azureAISearchName": { - "type": "string", - "defaultValue": "" - }, - "speechServiceName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionName": { - "type": "string", - "defaultValue": "" - }, "appSettings": { "type": "secureObject", "defaultValue": {} }, - "useKeyVault": { - "type": "bool" - }, - "openAIKeyName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountKeyName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerKeyName": { - "type": "string", - "defaultValue": "" - }, - "searchKeyName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionKeyName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyKeyName": { - "type": "string", - "defaultValue": "" - }, - "speechKeyName": { - "type": "string", - "defaultValue": "" - }, - "authType": { - "type": "string" - }, "dockerFullImageName": { "type": "string", "defaultValue": "" @@ -5017,10 +4478,6 @@ "useDocker": { "type": "bool", "defaultValue": "[not(equals(parameters('dockerFullImageName'), ''))]" - }, - "databaseType": { - "type": "string", - "defaultValue": "CosmosDB" } }, "resources": [ @@ -5067,10 +4524,10 @@ "value": "[parameters('appServicePlanId')]" }, "managedIdentity": { - "value": "[or(equals(parameters('databaseType'), 'PostgreSQL'), not(empty(parameters('keyVaultName'))))]" + "value": "[not(empty(parameters('keyVaultName')))]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), if(not(equals(parameters('azureAISearchName'), '')), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey, '')), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1)))]" + "value": "[parameters('appSettings')]" } }, "template": { @@ -5080,7 +4537,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "7056589812564712804" + "templateHash": "17297314312801200043" }, "description": "Creates an Azure App Service in an existing Azure App Service plan." }, @@ -5109,7 +4566,7 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "runtimeName": { "type": "string", @@ -5358,7 +4815,6 @@ } }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-role-backend", @@ -5427,7 +4883,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-backend", @@ -5496,7 +4951,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-backend-contributor", @@ -5565,7 +5019,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-backend", @@ -5634,7 +5087,6 @@ ] }, { - "condition": "[parameters('useKeyVault')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "adminweb-keyvault-access", @@ -5729,12 +5181,8 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, @@ -5768,42 +5216,11 @@ "applicationInsightsName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, - "azureOpenAIName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" - }, - "azureAISearchName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "storageAccountName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" - }, - "formRecognizerName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" - }, - "contentSafetyName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" - }, - "speechServiceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(and(parameters('useKeyVault'), equals(parameters('databaseType'), 'CosmosDB')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "authType": { - "value": "[parameters('authType')]" - }, - "databaseType": { - "value": "[parameters('databaseType')]" + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" }, "appSettings": { - "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_TEMPERATURE', parameters('azureOpenAITemperature'), 'AZURE_OPENAI_TOP_P', parameters('azureOpenAITopP'), 'AZURE_OPENAI_MAX_TOKENS', parameters('azureOpenAIMaxTokens'), 'AZURE_OPENAI_STOP_SEQUENCE', parameters('azureOpenAIStopSequence'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'AZURE_OPENAI_STREAM', parameters('azureOpenAIStream'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'BACKEND_URL', format('https://{0}-docker.azurewebsites.net', parameters('functionName')), 'DOCUMENT_PROCESSING_QUEUE_NAME', variables('queueName'), 'FUNCTION_KEY', variables('clientKey'), 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'CONVERSATION_FLOW', parameters('conversationFlow'), 'LOGLEVEL', parameters('logLevel'), 'DATABASE_TYPE', parameters('databaseType')), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_USE_SEMANTIC_SEARCH', parameters('azureSearchUseSemanticSearch'), 'AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG', parameters('azureSearchSemanticSearchConfig'), 'AZURE_SEARCH_INDEX_IS_PRECHUNKED', parameters('azureSearchIndexIsPrechunked'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK'), 'AZURE_SEARCH_ENABLE_IN_DOMAIN', parameters('azureSearchEnableInDomain'), 'AZURE_SEARCH_FILENAME_COLUMN', parameters('azureSearchFilenameColumn'), 'AZURE_SEARCH_FILTER', parameters('azureSearchFilter'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_URL_COLUMN', parameters('azureSearchUrlColumn'), 'AZURE_SEARCH_DATASOURCE_NAME', parameters('azureSearchDatasource'), 'AZURE_SEARCH_INDEXER_NAME', parameters('azureSearchIndexer'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', format('{0}-docker', parameters('adminWebsiteName'))), createObject())))]" + "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_TEMPERATURE', parameters('azureOpenAITemperature'), 'AZURE_OPENAI_TOP_P', parameters('azureOpenAITopP'), 'AZURE_OPENAI_MAX_TOKENS', parameters('azureOpenAIMaxTokens'), 'AZURE_OPENAI_STOP_SEQUENCE', parameters('azureOpenAIStopSequence'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'AZURE_OPENAI_STREAM', parameters('azureOpenAIStream'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'BACKEND_URL', format('https://{0}-docker.azurewebsites.net', parameters('functionName')), 'DOCUMENT_PROCESSING_QUEUE_NAME', variables('queueName'), 'FUNCTION_KEY', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FUNCTION_KEY.value, 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'CONVERSATION_FLOW', parameters('conversationFlow'), 'LOGLEVEL', parameters('logLevel'), 'DATABASE_TYPE', parameters('databaseType'), 'USE_KEY_VAULT', 'true'), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_USE_SEMANTIC_SEARCH', parameters('azureSearchUseSemanticSearch'), 'AZURE_SEARCH_SEMANTIC_SEARCH_CONFIG', parameters('azureSearchSemanticSearchConfig'), 'AZURE_SEARCH_INDEX_IS_PRECHUNKED', parameters('azureSearchIndexIsPrechunked'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK'), 'AZURE_SEARCH_ENABLE_IN_DOMAIN', parameters('azureSearchEnableInDomain'), 'AZURE_SEARCH_FILENAME_COLUMN', parameters('azureSearchFilenameColumn'), 'AZURE_SEARCH_FILTER', parameters('azureSearchFilter'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_URL_COLUMN', parameters('azureSearchUrlColumn'), 'AZURE_SEARCH_DATASOURCE_NAME', parameters('azureSearchDatasource'), 'AZURE_SEARCH_INDEXER_NAME', parameters('azureSearchIndexer'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', format('{0}-docker', parameters('adminWebsiteName'))), createObject())))]" } }, "template": { @@ -5813,7 +5230,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "6540240067745016665" + "templateHash": "1039793222387015566" } }, "parameters": { @@ -5828,98 +5245,36 @@ "type": "object", "defaultValue": {} }, - "storageAccountName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyName": { - "type": "string", - "defaultValue": "" - }, - "allowedOrigins": { - "type": "array", - "defaultValue": [] - }, - "appServicePlanId": { - "type": "string" - }, - "appCommandLine": { - "type": "string", - "defaultValue": "python -m streamlit run Admin.py --server.port 8000 --server.address 0.0.0.0 --server.enableXsrfProtection false" - }, - "runtimeName": { - "type": "string", - "defaultValue": "python" - }, - "runtimeVersion": { - "type": "string", - "defaultValue": "" - }, - "applicationInsightsName": { - "type": "string", - "defaultValue": "" - }, - "keyVaultName": { - "type": "string", - "defaultValue": "" - }, - "azureOpenAIName": { - "type": "string", - "defaultValue": "" - }, - "azureAISearchName": { - "type": "string", - "defaultValue": "" - }, - "speechServiceName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionName": { - "type": "string", - "defaultValue": "" - }, - "appSettings": { - "type": "secureObject", - "defaultValue": {} - }, - "useKeyVault": { - "type": "bool" - }, - "openAIKeyName": { - "type": "string", - "defaultValue": "" + "allowedOrigins": { + "type": "array", + "defaultValue": [] }, - "storageAccountKeyName": { - "type": "string", - "defaultValue": "" + "appServicePlanId": { + "type": "string" }, - "formRecognizerKeyName": { + "appCommandLine": { "type": "string", - "defaultValue": "" + "defaultValue": "python -m streamlit run Admin.py --server.port 8000 --server.address 0.0.0.0 --server.enableXsrfProtection false" }, - "searchKeyName": { + "runtimeName": { "type": "string", - "defaultValue": "" + "defaultValue": "python" }, - "computerVisionKeyName": { + "runtimeVersion": { "type": "string", "defaultValue": "" }, - "contentSafetyKeyName": { + "applicationInsightsName": { "type": "string", "defaultValue": "" }, - "speechKeyName": { + "keyVaultName": { "type": "string", "defaultValue": "" }, - "authType": { - "type": "string" + "appSettings": { + "type": "secureObject", + "defaultValue": {} }, "dockerFullImageName": { "type": "string", @@ -5928,10 +5283,6 @@ "useDocker": { "type": "bool", "defaultValue": "[not(equals(parameters('dockerFullImageName'), ''))]" - }, - "databaseType": { - "type": "string", - "defaultValue": "CosmosDB" } }, "resources": [ @@ -5978,10 +5329,10 @@ "value": "[parameters('appServicePlanId')]" }, "managedIdentity": { - "value": "[or(equals(parameters('databaseType'), 'PostgreSQL'), not(empty(parameters('keyVaultName'))))]" + "value": "[not(empty(parameters('keyVaultName')))]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), if(not(equals(parameters('azureAISearchName'), '')), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey, '')), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1)))]" + "value": "[parameters('appSettings')]" } }, "template": { @@ -5991,7 +5342,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "7056589812564712804" + "templateHash": "17297314312801200043" }, "description": "Creates an Azure App Service in an existing Azure App Service plan." }, @@ -6020,7 +5371,7 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "runtimeName": { "type": "string", @@ -6269,7 +5620,6 @@ } }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-role-backend", @@ -6338,7 +5688,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-backend", @@ -6407,7 +5756,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-backend-contributor", @@ -6476,7 +5824,6 @@ ] }, { - "condition": "[equals(parameters('authType'), 'rbac')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-backend", @@ -6545,7 +5892,6 @@ ] }, { - "condition": "[parameters('useKeyVault')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "adminweb-keyvault-access", @@ -6640,12 +5986,8 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" ] }, @@ -8442,42 +7784,14 @@ "applicationInsightsName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, - "azureOpenAIName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" - }, - "azureAISearchName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value), createObject('value', ''))]", "storageAccountName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, - "formRecognizerName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" - }, - "contentSafetyName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" - }, - "speechServiceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "clientKey": { "value": "[variables('clientKey')]" }, - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(and(parameters('useKeyVault'), equals(parameters('databaseType'), 'CosmosDB')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "authType": { - "value": "[parameters('authType')]" - }, - "databaseType": { - "value": "[parameters('databaseType')]" + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" }, "appSettings": { "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'DOCUMENT_PROCESSING_QUEUE_NAME', variables('queueName'), 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'LOGLEVEL', parameters('logLevel'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'DATABASE_TYPE', parameters('databaseType')), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_DATASOURCE_NAME', parameters('azureSearchDatasource'), 'AZURE_SEARCH_INDEXER_NAME', parameters('azureSearchIndexer'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', parameters('functionName')), createObject())))]" @@ -8485,13 +7799,12 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "4946337189154540704" + "templateHash": "15907054814625845900" } }, "parameters": { @@ -8536,74 +7849,13 @@ "type": "string", "defaultValue": "" }, - "azureOpenAIName": { - "type": "string", - "defaultValue": "" - }, - "azureAISearchName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyName": { - "type": "string", - "defaultValue": "" - }, - "speechServiceName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionName": { - "type": "string", - "defaultValue": "" - }, - "useKeyVault": { - "type": "bool" - }, - "openAIKeyName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountKeyName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerKeyName": { - "type": "string", - "defaultValue": "" - }, - "searchKeyName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionKeyName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyKeyName": { - "type": "string", - "defaultValue": "" - }, - "speechKeyName": { - "type": "string", - "defaultValue": "" - }, - "authType": { - "type": "string" - }, "dockerFullImageName": { "type": "string", "defaultValue": "" - }, - "databaseType": { - "type": "string" } }, - "resources": { - "functionNameDefaultClientKey": { + "resources": [ + { "type": "Microsoft.Web/sites/host/functionKeys", "apiVersion": "2018-11-01", "name": "[format('{0}/default/clientKey', parameters('name'))]", @@ -8612,11 +7864,11 @@ "value": "[parameters('clientKey')]" }, "dependsOn": [ - "function", - "waitFunctionDeploymentSection" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]", + "[resourceId('Microsoft.Resources/deploymentScripts', 'WaitFunctionDeploymentSection')]" ] }, - "waitFunctionDeploymentSection": { + { "type": "Microsoft.Resources/deploymentScripts", "apiVersion": "2020-10-01", "name": "WaitFunctionDeploymentSection", @@ -8629,10 +7881,10 @@ "retentionInterval": "PT1H" }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "function": { + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-app-module', parameters('name'))]", @@ -8672,25 +7924,21 @@ "dockerFullImageName": { "value": "[parameters('dockerFullImageName')]" }, - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, "managedIdentity": { - "value": "[or(equals(parameters('databaseType'), 'PostgreSQL'), not(empty(parameters('keyVaultName'))))]" + "value": "[not(empty(parameters('keyVaultName')))]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('WEBSITES_ENABLE_APP_SERVICE_STORAGE', 'false', 'AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), if(not(equals(parameters('azureAISearchName'), '')), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey, '')), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1)))]" + "value": "[parameters('appSettings')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "1623075402073661527" + "templateHash": "14064779471734903875" }, "description": "Creates an Azure Function in an existing Azure App Service plan." }, @@ -8719,14 +7967,11 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "storageAccountName": { "type": "string" }, - "useKeyVault": { - "type": "bool" - }, "runtimeName": { "type": "string", "allowedValues": [ @@ -8814,14 +8059,8 @@ "defaultValue": "[if(parameters('useDocker'), false(), contains(parameters('kind'), 'linux'))]" } }, - "resources": { - "storage": { - "existing": true, - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2021-09-01", - "name": "[parameters('storageAccountName')]" - }, - "functions": { + "resources": [ + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-functions', parameters('name'))]", @@ -8854,7 +8093,7 @@ "value": "[parameters('appServicePlanId')]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()), if(parameters('useKeyVault'), createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys('storage', '2021-09-01').keys[0].value, environment().suffixes.storage)), createObject('AzureWebJobsStorage__accountName', parameters('storageAccountName'))))]" + "value": "[union(parameters('appSettings'), createObject('FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()), createObject('AzureWebJobsStorage__accountName', parameters('storageAccountName')))]" }, "clientAffinityEnabled": { "value": "[parameters('clientAffinityEnabled')]" @@ -8907,7 +8146,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "7056589812564712804" + "templateHash": "17297314312801200043" }, "description": "Creates an Azure App Service in an existing Azure App Service plan." }, @@ -8936,7 +8175,7 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "runtimeName": { "type": "string", @@ -9184,7 +8423,7 @@ } } }, - "storageBlobRoleFunction": { + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-blob-role-function", @@ -9195,7 +8434,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('functions').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" @@ -9249,33 +8488,32 @@ } }, "dependsOn": [ - "functions" + "[resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name')))]" ] } - }, + ], "outputs": { "identityPrincipalId": { "type": "string", - "value": "[if(parameters('managedIdentity'), reference('functions').outputs.identityPrincipalId.value, '')]" + "value": "[if(parameters('managedIdentity'), reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value, '')]" }, "name": { "type": "string", - "value": "[reference('functions').outputs.name.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.name.value]" }, "uri": { "type": "string", - "value": "[reference('functions').outputs.uri.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.uri.value]" }, "azureWebJobsStorage": { "type": "string", - "value": "[if(parameters('useKeyVault'), format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys('storage', '2021-09-01').keys[0].value, environment().suffixes.storage), parameters('storageAccountName'))]" + "value": "[parameters('storageAccountName')]" } } } } }, - "openAIRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-function", @@ -9286,7 +8524,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "a97b65f3-24c7-4388-baec-2e87135dc908" @@ -9340,11 +8578,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "openAIRoleFunctionContributor": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-function-contributor", @@ -9355,7 +8592,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "b24988ac-6180-42a0-ab88-20f7382dd24c" @@ -9409,11 +8646,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "searchRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-function", @@ -9424,7 +8660,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "8ebe5a00-799e-43f5-93ac-243d3dce84a7" @@ -9478,11 +8714,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "storageBlobRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-blob-role-function", @@ -9493,7 +8728,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" @@ -9547,11 +8782,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "storageQueueRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-queue-role-function", @@ -9562,7 +8796,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "974c5e8b-45b9-4653-ba55-5f855dd0fb88" @@ -9616,11 +8850,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "functionaccess": { - "condition": "[parameters('useKeyVault')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "function-keyvault-access", @@ -9634,7 +8867,7 @@ "value": "[parameters('keyVaultName')]" }, "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" } }, "template": { @@ -9688,22 +8921,22 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] } - }, + ], "outputs": { "FUNCTION_IDENTITY_PRINCIPAL_ID": { "type": "string", - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "functionName": { "type": "string", - "value": "[reference('function').outputs.name.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.name.value]" }, "AzureWebJobsStorage": { "type": "string", - "value": "[reference('function').outputs.azureWebJobsStorage.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.azureWebJobsStorage.value]" } } } @@ -9715,13 +8948,9 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]" ] }, { @@ -9754,42 +8983,14 @@ "applicationInsightsName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsName.value]" }, - "azureOpenAIName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName')), '2022-09-01').outputs.name.value]" - }, - "azureAISearchName": "[if(equals(parameters('databaseType'), 'CosmosDB'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.name.value), createObject('value', ''))]", "storageAccountName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.name.value]" }, - "formRecognizerName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.name.value]" - }, - "contentSafetyName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.name.value]" - }, - "speechServiceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName')), '2022-09-01').outputs.name.value]" - }, - "computerVisionName": "[if(parameters('useAdvancedImageProcessing'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "clientKey": { "value": "[variables('clientKey')]" }, - "openAIKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value), createObject('value', ''))]", - "storageAccountKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value), createObject('value', ''))]", - "formRecognizerKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value), createObject('value', ''))]", - "searchKeyName": "[if(and(parameters('useKeyVault'), equals(parameters('databaseType'), 'CosmosDB')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value), createObject('value', ''))]", - "contentSafetyKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value), createObject('value', ''))]", - "speechKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value), createObject('value', ''))]", - "computerVisionKeyName": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value), createObject('value', ''))]", - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, - "keyVaultName": "[if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "authType": { - "value": "[parameters('authType')]" - }, - "databaseType": { - "value": "[parameters('databaseType')]" + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" }, "appSettings": { "value": "[union(createObject('AZURE_BLOB_ACCOUNT_NAME', parameters('storageAccountName'), 'AZURE_BLOB_CONTAINER_NAME', variables('blobContainerName'), 'AZURE_FORM_RECOGNIZER_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'AZURE_COMPUTER_VISION_ENDPOINT', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION', parameters('computerVisionVectorizeImageApiVersion'), 'AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_MODEL_VERSION', parameters('computerVisionVectorizeImageModelVersion'), 'AZURE_CONTENT_SAFETY_ENDPOINT', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'AZURE_OPENAI_MODEL', parameters('azureOpenAIModel'), 'AZURE_OPENAI_MODEL_NAME', parameters('azureOpenAIModelName'), 'AZURE_OPENAI_MODEL_VERSION', parameters('azureOpenAIModelVersion'), 'AZURE_OPENAI_EMBEDDING_MODEL', parameters('azureOpenAIEmbeddingModel'), 'AZURE_OPENAI_EMBEDDING_MODEL_NAME', parameters('azureOpenAIEmbeddingModelName'), 'AZURE_OPENAI_EMBEDDING_MODEL_VERSION', parameters('azureOpenAIEmbeddingModelVersion'), 'AZURE_OPENAI_RESOURCE', parameters('azureOpenAIResourceName'), 'AZURE_OPENAI_API_VERSION', parameters('azureOpenAIApiVersion'), 'USE_ADVANCED_IMAGE_PROCESSING', parameters('useAdvancedImageProcessing'), 'DOCUMENT_PROCESSING_QUEUE_NAME', variables('queueName'), 'ORCHESTRATION_STRATEGY', parameters('orchestrationStrategy'), 'LOGLEVEL', parameters('logLevel'), 'AZURE_OPENAI_SYSTEM_MESSAGE', parameters('azureOpenAISystemMessage'), 'DATABASE_TYPE', parameters('databaseType')), if(equals(parameters('databaseType'), 'CosmosDB'), createObject('AZURE_SEARCH_INDEX', parameters('azureSearchIndex'), 'AZURE_SEARCH_SERVICE', format('https://{0}.search.windows.net', parameters('azureAISearchName')), 'AZURE_SEARCH_DATASOURCE_NAME', parameters('azureSearchDatasource'), 'AZURE_SEARCH_INDEXER_NAME', parameters('azureSearchIndexer'), 'AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION', parameters('azureSearchUseIntegratedVectorization'), 'AZURE_SEARCH_FIELDS_ID', parameters('azureSearchFieldId'), 'AZURE_SEARCH_CONTENT_COLUMN', parameters('azureSearchContentColumn'), 'AZURE_SEARCH_CONTENT_VECTOR_COLUMN', parameters('azureSearchVectorColumn'), 'AZURE_SEARCH_TITLE_COLUMN', parameters('azureSearchTitleColumn'), 'AZURE_SEARCH_FIELDS_METADATA', parameters('azureSearchFieldsMetadata'), 'AZURE_SEARCH_SOURCE_COLUMN', parameters('azureSearchSourceColumn'), 'AZURE_SEARCH_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchTextColumn'), ''), 'AZURE_SEARCH_LAYOUT_TEXT_COLUMN', if(parameters('azureSearchUseIntegratedVectorization'), parameters('azureSearchLayoutTextColumn'), ''), 'AZURE_SEARCH_CHUNK_COLUMN', parameters('azureSearchChunkColumn'), 'AZURE_SEARCH_OFFSET_COLUMN', parameters('azureSearchOffsetColumn'), 'AZURE_SEARCH_TOP_K', parameters('azureSearchTopK')), if(equals(parameters('databaseType'), 'PostgreSQL'), createObject('AZURE_POSTGRESQL_HOST_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName, 'AZURE_POSTGRESQL_DATABASE_NAME', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLDatabaseName, 'AZURE_POSTGRESQL_USER', format('{0}-docker', parameters('functionName'))), createObject())))]" @@ -9797,13 +8998,12 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "4946337189154540704" + "templateHash": "15907054814625845900" } }, "parameters": { @@ -9848,74 +9048,13 @@ "type": "string", "defaultValue": "" }, - "azureOpenAIName": { - "type": "string", - "defaultValue": "" - }, - "azureAISearchName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyName": { - "type": "string", - "defaultValue": "" - }, - "speechServiceName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionName": { - "type": "string", - "defaultValue": "" - }, - "useKeyVault": { - "type": "bool" - }, - "openAIKeyName": { - "type": "string", - "defaultValue": "" - }, - "storageAccountKeyName": { - "type": "string", - "defaultValue": "" - }, - "formRecognizerKeyName": { - "type": "string", - "defaultValue": "" - }, - "searchKeyName": { - "type": "string", - "defaultValue": "" - }, - "computerVisionKeyName": { - "type": "string", - "defaultValue": "" - }, - "contentSafetyKeyName": { - "type": "string", - "defaultValue": "" - }, - "speechKeyName": { - "type": "string", - "defaultValue": "" - }, - "authType": { - "type": "string" - }, "dockerFullImageName": { "type": "string", "defaultValue": "" - }, - "databaseType": { - "type": "string" } }, - "resources": { - "functionNameDefaultClientKey": { + "resources": [ + { "type": "Microsoft.Web/sites/host/functionKeys", "apiVersion": "2018-11-01", "name": "[format('{0}/default/clientKey', parameters('name'))]", @@ -9924,11 +9063,11 @@ "value": "[parameters('clientKey')]" }, "dependsOn": [ - "function", - "waitFunctionDeploymentSection" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]", + "[resourceId('Microsoft.Resources/deploymentScripts', 'WaitFunctionDeploymentSection')]" ] }, - "waitFunctionDeploymentSection": { + { "type": "Microsoft.Resources/deploymentScripts", "apiVersion": "2020-10-01", "name": "WaitFunctionDeploymentSection", @@ -9941,10 +9080,10 @@ "retentionInterval": "PT1H" }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "function": { + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-app-module', parameters('name'))]", @@ -9984,25 +9123,21 @@ "dockerFullImageName": { "value": "[parameters('dockerFullImageName')]" }, - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, "managedIdentity": { - "value": "[or(equals(parameters('databaseType'), 'PostgreSQL'), not(empty(parameters('keyVaultName'))))]" + "value": "[not(empty(parameters('keyVaultName')))]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('WEBSITES_ENABLE_APP_SERVICE_STORAGE', 'false', 'AZURE_AUTH_TYPE', parameters('authType'), 'USE_KEY_VAULT', if(parameters('useKeyVault'), parameters('useKeyVault'), ''), 'AZURE_OPENAI_API_KEY', if(parameters('useKeyVault'), parameters('openAIKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('azureOpenAIName')), '2023-05-01').key1), 'AZURE_SEARCH_KEY', if(parameters('useKeyVault'), parameters('searchKeyName'), if(not(equals(parameters('azureAISearchName'), '')), listAdminKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Search/searchServices', parameters('azureAISearchName')), '2021-04-01-preview').primaryKey, '')), 'AZURE_BLOB_ACCOUNT_KEY', if(parameters('useKeyVault'), parameters('storageAccountKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').keys[0].value), 'AZURE_FORM_RECOGNIZER_KEY', if(parameters('useKeyVault'), parameters('formRecognizerKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('formRecognizerName')), '2023-05-01').key1), 'AZURE_CONTENT_SAFETY_KEY', if(parameters('useKeyVault'), parameters('contentSafetyKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('contentSafetyName')), '2023-05-01').key1), 'AZURE_SPEECH_SERVICE_KEY', if(parameters('useKeyVault'), parameters('speechKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('speechServiceName')), '2023-05-01').key1), 'AZURE_COMPUTER_VISION_KEY', if(or(parameters('useKeyVault'), equals(parameters('computerVisionName'), '')), parameters('computerVisionKeyName'), listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.CognitiveServices/accounts', parameters('computerVisionName')), '2023-05-01').key1)))]" + "value": "[parameters('appSettings')]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "1623075402073661527" + "templateHash": "14064779471734903875" }, "description": "Creates an Azure Function in an existing Azure App Service plan." }, @@ -10031,14 +9166,11 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "storageAccountName": { "type": "string" }, - "useKeyVault": { - "type": "bool" - }, "runtimeName": { "type": "string", "allowedValues": [ @@ -10126,14 +9258,8 @@ "defaultValue": "[if(parameters('useDocker'), false(), contains(parameters('kind'), 'linux'))]" } }, - "resources": { - "storage": { - "existing": true, - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2021-09-01", - "name": "[parameters('storageAccountName')]" - }, - "functions": { + "resources": [ + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-functions', parameters('name'))]", @@ -10166,7 +9292,7 @@ "value": "[parameters('appServicePlanId')]" }, "appSettings": { - "value": "[union(parameters('appSettings'), createObject('FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()), if(parameters('useKeyVault'), createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys('storage', '2021-09-01').keys[0].value, environment().suffixes.storage)), createObject('AzureWebJobsStorage__accountName', parameters('storageAccountName'))))]" + "value": "[union(parameters('appSettings'), createObject('FUNCTIONS_EXTENSION_VERSION', parameters('extensionVersion')), if(not(parameters('useDocker')), createObject('FUNCTIONS_WORKER_RUNTIME', parameters('runtimeName')), createObject()), createObject('AzureWebJobsStorage__accountName', parameters('storageAccountName')))]" }, "clientAffinityEnabled": { "value": "[parameters('clientAffinityEnabled')]" @@ -10219,7 +9345,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "7056589812564712804" + "templateHash": "17297314312801200043" }, "description": "Creates an Azure App Service in an existing Azure App Service plan." }, @@ -10248,7 +9374,7 @@ }, "managedIdentity": { "type": "bool", - "defaultValue": "[not(empty(parameters('keyVaultName')))]" + "defaultValue": true }, "runtimeName": { "type": "string", @@ -10496,7 +9622,7 @@ } } }, - "storageBlobRoleFunction": { + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-blob-role-function", @@ -10507,7 +9633,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('functions').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" @@ -10561,33 +9687,32 @@ } }, "dependsOn": [ - "functions" + "[resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name')))]" ] } - }, + ], "outputs": { "identityPrincipalId": { "type": "string", - "value": "[if(parameters('managedIdentity'), reference('functions').outputs.identityPrincipalId.value, '')]" + "value": "[if(parameters('managedIdentity'), reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value, '')]" }, "name": { "type": "string", - "value": "[reference('functions').outputs.name.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.name.value]" }, "uri": { "type": "string", - "value": "[reference('functions').outputs.uri.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-functions', parameters('name'))), '2022-09-01').outputs.uri.value]" }, "azureWebJobsStorage": { "type": "string", - "value": "[if(parameters('useKeyVault'), format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('storageAccountName'), listKeys('storage', '2021-09-01').keys[0].value, environment().suffixes.storage), parameters('storageAccountName'))]" + "value": "[parameters('storageAccountName')]" } } } } }, - "openAIRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-function", @@ -10598,7 +9723,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "a97b65f3-24c7-4388-baec-2e87135dc908" @@ -10652,11 +9777,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "openAIRoleFunctionContributor": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-function-contributor", @@ -10667,7 +9791,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "b24988ac-6180-42a0-ab88-20f7382dd24c" @@ -10721,11 +9845,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "searchRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-function", @@ -10736,7 +9859,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "8ebe5a00-799e-43f5-93ac-243d3dce84a7" @@ -10790,11 +9913,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "storageBlobRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-blob-role-function", @@ -10805,7 +9927,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" @@ -10859,11 +9981,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "storageQueueRoleFunction": { - "condition": "[equals(parameters('authType'), 'rbac')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-queue-role-function", @@ -10874,7 +9995,7 @@ "mode": "Incremental", "parameters": { "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "roleDefinitionId": { "value": "974c5e8b-45b9-4653-ba55-5f855dd0fb88" @@ -10928,11 +10049,10 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] }, - "functionaccess": { - "condition": "[parameters('useKeyVault')]", + { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "function-keyvault-access", @@ -10946,7 +10066,7 @@ "value": "[parameters('keyVaultName')]" }, "principalId": { - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" } }, "template": { @@ -11000,22 +10120,22 @@ } }, "dependsOn": [ - "function" + "[resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name')))]" ] } - }, + ], "outputs": { "FUNCTION_IDENTITY_PRINCIPAL_ID": { "type": "string", - "value": "[reference('function').outputs.identityPrincipalId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.identityPrincipalId.value]" }, "functionName": { "type": "string", - "value": "[reference('function').outputs.name.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.name.value]" }, "AzureWebJobsStorage": { "type": "string", - "value": "[reference('function').outputs.azureWebJobsStorage.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-app-module', parameters('name'))), '2022-09-01').outputs.azureWebJobsStorage.value]" } } } @@ -11027,13 +10147,9 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('hostingPlanName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('speechServiceName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName'))]" ] }, { @@ -11474,9 +10590,6 @@ "location": { "value": "[parameters('location')]" }, - "useKeyVault": { - "value": "[parameters('useKeyVault')]" - }, "sku": { "value": { "name": "Standard_GRS" @@ -11513,7 +10626,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "16260688333491233707" + "templateHash": "14433511087095141274" }, "description": "Creates an Azure storage account." }, @@ -11546,13 +10659,6 @@ "type": "bool", "defaultValue": true }, - "useKeyVault": { - "type": "bool" - }, - "allowSharedKeyAccess": { - "type": "bool", - "defaultValue": "[parameters('useKeyVault')]" - }, "containers": { "type": "array", "defaultValue": [] @@ -11682,7 +10788,7 @@ "accessTier": "[parameters('accessTier')]", "allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]", "allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]", - "allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]", + "allowSharedKeyAccess": false, "defaultToOAuthAuthentication": "[parameters('defaultToOAuthAuthentication')]", "dnsEndpointType": "[parameters('dnsEndpointType')]", "minimumTlsVersion": "[parameters('minimumTlsVersion')]", @@ -11713,7 +10819,7 @@ ] }, { - "condition": "[and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), '')))]", + "condition": "[not(equals(parameters('principalId'), ''))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "storage-role-user", @@ -11783,7 +10889,7 @@ ] }, { - "condition": "[and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), '')))]", + "condition": "[not(equals(parameters('principalId'), ''))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-user", @@ -11853,7 +10959,7 @@ ] }, { - "condition": "[and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), '')))]", + "condition": "[not(equals(parameters('principalId'), ''))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "openai-role-user-contributor", @@ -11923,7 +11029,7 @@ ] }, { - "condition": "[and(and(equals(parameters('authType'), 'rbac'), not(equals(parameters('principalId'), ''))), equals(parameters('databaseType'), 'CosmosDB'))]", + "condition": "[and(not(equals(parameters('principalId'), '')), equals(parameters('databaseType'), 'CosmosDB'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "search-role-user", @@ -12013,7 +11119,6 @@ "storageAccountId": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('storageAccountName')), '2022-09-01').outputs.id.value]" }, - "keyVaultId": "[if(parameters('useKeyVault'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.id.value), createObject('value', ''))]", "applicationInsightsId": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring'), '2022-09-01').outputs.applicationInsightsId.value]" }, @@ -12033,7 +11138,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "2884445231517776593" + "templateHash": "7527931742843464990" } }, "parameters": { @@ -12046,9 +11151,6 @@ "storageAccountId": { "type": "string" }, - "keyVaultId": { - "type": "string" - }, "applicationInsightsId": { "type": "string" }, @@ -12079,7 +11181,6 @@ }, "properties": { "storageAccount": "[parameters('storageAccountId')]", - "keyVault": "[parameters('keyVaultId')]", "applicationInsights": "[parameters('applicationInsightsId')]" } }, @@ -12130,7 +11231,6 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'monitoring')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureOpenAIResourceName'))]", "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", @@ -12159,9 +11259,6 @@ "baseUrl": { "value": "[variables('baseUrl')]" }, - "keyVaultName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value]" - }, "postgresSqlServerName": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql'), '2022-09-01').outputs.postgresDbOutput.value.postgreSQLServerName]" }, @@ -12179,7 +11276,7 @@ "_generator": { "name": "bicep", "version": "0.36.1.42791", - "templateHash": "14404355068161542913" + "templateHash": "7556565821952147924" } }, "parameters": { @@ -12192,9 +11289,6 @@ "baseUrl": { "type": "string" }, - "keyVaultName": { - "type": "string" - }, "identity": { "type": "string" }, @@ -12230,7 +11324,7 @@ "properties": { "azCliVersion": "2.52.0", "primaryScriptUri": "[format('{0}scripts/run_create_table_script.sh', parameters('baseUrl'))]", - "arguments": "[format('{0} {1} {2} {3} {4} {5} {6} {7}', parameters('baseUrl'), parameters('keyVaultName'), resourceGroup().name, parameters('postgresSqlServerName'), parameters('webAppPrincipalName'), parameters('adminAppPrincipalName'), parameters('functionAppPrincipalName'), parameters('managedIdentityName'))]", + "arguments": "[format('{0} {1} {2} {3} {4} {5} {6}', parameters('baseUrl'), resourceGroup().name, parameters('postgresSqlServerName'), parameters('webAppPrincipalName'), parameters('adminAppPrincipalName'), parameters('functionAppPrincipalName'), parameters('managedIdentityName'))]", "timeout": "PT1H", "retentionInterval": "PT1H", "cleanupPreference": "OnSuccess" @@ -12244,11 +11338,9 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('adminWebsiteName')))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('functionName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('functionName')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_managed_identity')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_postgres_sql')]", "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('rgName'))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys')]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('websiteName'))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName')))]" ] @@ -12265,23 +11357,19 @@ }, "AZURE_BLOB_STORAGE_INFO": { "type": "string", - "value": "[string(createObject('container_name', variables('blobContainerName'), 'account_name', parameters('storageAccountName'), 'account_key', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.STORAGE_ACCOUNT_KEY_NAME.value, '')))]" + "value": "[variables('azureBlobStorageInfo')]" }, "AZURE_COMPUTER_VISION_INFO": { "type": "string", - "value": "[string(createObject('service_name', parameters('speechServiceName'), 'endpoint', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'location', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.location.value, ''), 'key', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COMPUTER_VISION_KEY_NAME.value, ''), 'vectorize_image_api_version', parameters('computerVisionVectorizeImageApiVersion'), 'vectorize_image_model_version', parameters('computerVisionVectorizeImageModelVersion')))]" + "value": "[string(createObject('service_name', parameters('speechServiceName'), 'endpoint', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.endpoint.value, ''), 'location', if(parameters('useAdvancedImageProcessing'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'computerVision'), '2022-09-01').outputs.location.value, ''), 'vectorize_image_api_version', parameters('computerVisionVectorizeImageApiVersion'), 'vectorize_image_model_version', parameters('computerVisionVectorizeImageModelVersion')))]" }, "AZURE_CONTENT_SAFETY_INFO": { "type": "string", - "value": "[string(createObject('endpoint', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value, 'key', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.CONTENT_SAFETY_KEY_NAME.value, '')))]" + "value": "[string(createObject('endpoint', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('contentSafetyName')), '2022-09-01').outputs.endpoint.value))]" }, "AZURE_FORM_RECOGNIZER_INFO": { "type": "string", - "value": "[string(createObject('endpoint', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value, 'key', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.FORM_RECOGNIZER_KEY_NAME.value, '')))]" - }, - "AZURE_KEY_VAULT_INFO": { - "type": "string", - "value": "[string(createObject('endpoint', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.endpoint.value, ''), 'name', if(or(parameters('useKeyVault'), equals(parameters('authType'), 'rbac')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'keyvault'), '2022-09-01').outputs.name.value, '')))]" + "value": "[string(createObject('endpoint', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('formRecognizerName')), '2022-09-01').outputs.endpoint.value))]" }, "AZURE_LOCATION": { "type": "string", @@ -12293,7 +11381,7 @@ }, "AZURE_OPENAI_CONFIGURATION_INFO": { "type": "string", - "value": "[string(createObject('service_name', parameters('speechServiceName'), 'stream', parameters('azureOpenAIStream'), 'system_message', parameters('azureOpenAISystemMessage'), 'stop_sequence', parameters('azureOpenAIStopSequence'), 'max_tokens', parameters('azureOpenAIMaxTokens'), 'top_p', parameters('azureOpenAITopP'), 'temperature', parameters('azureOpenAITemperature'), 'api_version', parameters('azureOpenAIApiVersion'), 'resource', parameters('azureOpenAIResourceName'), 'api_key', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.OPENAI_KEY_NAME.value, '')))]" + "value": "[variables('azureOpenaiConfigurationInfo')]" }, "AZURE_OPENAI_EMBEDDING_MODEL_INFO": { "type": "string", @@ -12305,11 +11393,11 @@ }, "AZURE_SEARCH_SERVICE_INFO": { "type": "string", - "value": "[if(equals(parameters('databaseType'), 'CosmosDB'), string(createObject('service_name', parameters('azureAISearchName'), 'key', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SEARCH_KEY_NAME.value, ''), 'service', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.endpoint.value, 'use_semantic_search', parameters('azureSearchUseSemanticSearch'), 'semantic_search_config', parameters('azureSearchSemanticSearchConfig'), 'index_is_prechunked', parameters('azureSearchIndexIsPrechunked'), 'top_k', parameters('azureSearchTopK'), 'enable_in_domain', parameters('azureSearchEnableInDomain'), 'content_column', parameters('azureSearchContentColumn'), 'content_vector_column', parameters('azureSearchVectorColumn'), 'filename_column', parameters('azureSearchFilenameColumn'), 'filter', parameters('azureSearchFilter'), 'title_column', parameters('azureSearchTitleColumn'), 'fields_metadata', parameters('azureSearchFieldsMetadata'), 'source_column', parameters('azureSearchSourceColumn'), 'text_column', parameters('azureSearchTextColumn'), 'layout_column', parameters('azureSearchLayoutTextColumn'), 'url_column', parameters('azureSearchUrlColumn'), 'use_integrated_vectorization', parameters('azureSearchUseIntegratedVectorization'), 'index', parameters('azureSearchIndex'), 'indexer_name', parameters('azureSearchIndexer'), 'datasource_name', parameters('azureSearchDatasource'))), '')]" + "value": "[if(equals(parameters('databaseType'), 'CosmosDB'), string(createObject('service_name', parameters('azureAISearchName'), 'service', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('azureAISearchName')), '2022-09-01').outputs.endpoint.value, 'use_semantic_search', parameters('azureSearchUseSemanticSearch'), 'semantic_search_config', parameters('azureSearchSemanticSearchConfig'), 'index_is_prechunked', parameters('azureSearchIndexIsPrechunked'), 'top_k', parameters('azureSearchTopK'), 'enable_in_domain', parameters('azureSearchEnableInDomain'), 'content_column', parameters('azureSearchContentColumn'), 'content_vector_column', parameters('azureSearchVectorColumn'), 'filename_column', parameters('azureSearchFilenameColumn'), 'filter', parameters('azureSearchFilter'), 'title_column', parameters('azureSearchTitleColumn'), 'fields_metadata', parameters('azureSearchFieldsMetadata'), 'source_column', parameters('azureSearchSourceColumn'), 'text_column', parameters('azureSearchTextColumn'), 'layout_column', parameters('azureSearchLayoutTextColumn'), 'url_column', parameters('azureSearchUrlColumn'), 'use_integrated_vectorization', parameters('azureSearchUseIntegratedVectorization'), 'index', parameters('azureSearchIndex'), 'indexer_name', parameters('azureSearchIndexer'), 'datasource_name', parameters('azureSearchDatasource'))), '')]" }, "AZURE_SPEECH_SERVICE_INFO": { "type": "string", - "value": "[string(createObject('service_name', parameters('speechServiceName'), 'service_region', parameters('location'), 'service_key', if(parameters('useKeyVault'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.SPEECH_KEY_NAME.value, ''), 'recognizer_languages', parameters('recognizedLanguages')))]" + "value": "[variables('azureSpeechServiceInfo')]" }, "AZURE_TENANT_ID": { "type": "string", @@ -12323,14 +11411,6 @@ "type": "string", "value": "[parameters('orchestrationStrategy')]" }, - "USE_KEY_VAULT": { - "type": "bool", - "value": "[parameters('useKeyVault')]" - }, - "AZURE_AUTH_TYPE": { - "type": "string", - "value": "[parameters('authType')]" - }, "BACKEND_URL": { "type": "string", "value": "[variables('backendUrl')]" @@ -12339,10 +11419,6 @@ "type": "string", "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('functionName')), '2022-09-01').outputs.AzureWebJobsStorage.value]" }, - "FUNCTION_KEY": { - "type": "string", - "value": "[variables('clientKey')]" - }, "FRONTEND_WEBSITE_NAME": { "type": "string", "value": "[if(equals(parameters('hostingModel'), 'code'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', parameters('websiteName')), '2022-09-01').outputs.FRONTEND_API_URI.value, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', format('{0}-docker', parameters('websiteName'))), '2022-09-01').outputs.FRONTEND_API_URI.value)]" @@ -12381,7 +11457,7 @@ }, "AZURE_COSMOSDB_INFO": { "type": "string", - "value": "[string(createObject('account_name', if(equals(parameters('databaseType'), 'CosmosDB'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, ''), 'account_key', if(and(equals(parameters('databaseType'), 'CosmosDB'), parameters('useKeyVault')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'storekeys'), '2022-09-01').outputs.COSMOS_ACCOUNT_KEY_NAME.value, ''), 'database_name', if(equals(parameters('databaseType'), 'CosmosDB'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, ''), 'conversations_container_name', if(equals(parameters('databaseType'), 'CosmosDB'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName, '')))]" + "value": "[string(createObject('account_name', if(equals(parameters('databaseType'), 'CosmosDB'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosAccountName, ''), 'database_name', if(equals(parameters('databaseType'), 'CosmosDB'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosDatabaseName, ''), 'conversations_container_name', if(equals(parameters('databaseType'), 'CosmosDB'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('rgName')), 'Microsoft.Resources/deployments', 'deploy_cosmos_db'), '2022-09-01').outputs.cosmosOutput.value.cosmosContainerName, '')))]" }, "AZURE_POSTGRESQL_INFO": { "type": "string", diff --git a/scripts/run_create_table_script.sh b/scripts/run_create_table_script.sh index 8777ecbc5..3be7f354b 100644 --- a/scripts/run_create_table_script.sh +++ b/scripts/run_create_table_script.sh @@ -3,15 +3,15 @@ echo "started the script" # Variables baseUrl="$1" -keyvaultName="$2" +# keyvaultName="$2" requirementFile="requirements.txt" requirementFileUrl=${baseUrl}"scripts/data_scripts/requirements.txt" -resourceGroup="$3" -serverName="$4" -webAppPrincipalName="$5" -adminAppPrincipalName="$6" -functionAppPrincipalName="$7" -managedIdentityName="$8" +resourceGroup="$2" +serverName="$3" +webAppPrincipalName="$4" +adminAppPrincipalName="$5" +functionAppPrincipalName="$6" +managedIdentityName="$7" echo "Script Started" @@ -30,7 +30,7 @@ curl --output "$requirementFile" "$requirementFileUrl" echo "Download completed" #Replace key vault name -sed -i "s/kv_to-be-replaced/${keyvaultName}/g" "create_postgres_tables.py" +# sed -i "s/kv_to-be-replaced/${keyvaultName}/g" "create_postgres_tables.py" sed -i "s/webAppPrincipalName/${webAppPrincipalName}/g" "create_postgres_tables.py" sed -i "s/adminAppPrincipalName/${adminAppPrincipalName}/g" "create_postgres_tables.py" sed -i "s/managedIdentityName/${managedIdentityName}/g" "create_postgres_tables.py"